diff --git a/src/routes.js b/src/routes.js
index 8c016615..47a21922 100644
--- a/src/routes.js
+++ b/src/routes.js
@@ -522,17 +522,22 @@ module.exports = async (
           trustedKey => trustedKey === publicKey
         )
         const walletUnlocked = health.LNDStatus.walletStatus === 'unlocked'
+        const { authorization = '' } = req.headers
 
         if (!walletUnlocked) {
-          const unlockedWallet = await unlockWallet(password)
+          await unlockWallet(password)
+        }
 
-          if (!isKeyTrusted && unlockedWallet.field !== 'walletUnlocker') {
-            await Storage.set('trustedPKs', [...trustedKeys, publicKey])
-          }
+        if (walletUnlocked && !authorization && !isKeyTrusted) {
+          res.status(401).json({
+            field: 'alias',
+            errorMessage: 'Invalid alias/password combination',
+            success: false
+          })
+          return
         }
 
         if (walletUnlocked && !isKeyTrusted) {
-          const { authorization = '' } = req.headers
           const validatedToken = await validateToken(
             authorization.replace('Bearer ', '')
           )
@@ -547,6 +552,10 @@ module.exports = async (
           }
         }
 
+        if (!isKeyTrusted) {
+          await Storage.set('trustedPKs', [...(trustedKeys || []), publicKey])
+        }
+
         // Send an event to update lightning's status
         mySocketsEvents.emit('updateLightning')