diff --git a/PFERD/authenticator.py b/PFERD/authenticator.py
index 42d8bb9..b2f6164 100644
--- a/PFERD/authenticator.py
+++ b/PFERD/authenticator.py
@@ -42,11 +42,35 @@ class Authenticator(ABC):
     async def credentials(self) -> Tuple[str, str]:
         pass
 
-    def invalid_credentials(self) -> None:
+    def invalidate_credentials(self) -> None:
+        """
+        Tell the authenticator that some or all of its credentials are invalid.
+
+        Authenticators should overwrite this function if they have a way to
+        deal with this issue that is likely to result in valid credentials
+        (e. g. prompting the user).
+        """
+
         raise AuthException("Invalid credentials")
 
-    def invalid_username(self) -> None:
+    def invalidate_username(self) -> None:
+        """
+        Tell the authenticator that specifically its username is invalid.
+
+        Authenticators should overwrite this function if they have a way to
+        deal with this issue that is likely to result in valid credentials
+        (e. g. prompting the user).
+        """
+
         raise AuthException("Invalid username")
 
-    def invalid_password(self) -> None:
+    def invalidate_password(self) -> None:
+        """
+        Tell the authenticator that specifically its password is invalid.
+
+        Authenticators should overwrite this function if they have a way to
+        deal with this issue that is likely to result in valid credentials
+        (e. g. prompting the user).
+        """
+
         raise AuthException("Invalid password")
diff --git a/PFERD/authenticators/simple.py b/PFERD/authenticators/simple.py
index 3a57faf..6ce6265 100644
--- a/PFERD/authenticators/simple.py
+++ b/PFERD/authenticators/simple.py
@@ -1,6 +1,6 @@
 from typing import Optional, Tuple
 
-from ..authenticator import Authenticator, AuthSection
+from ..authenticator import Authenticator, AuthException, AuthSection
 from ..conductor import TerminalConductor
 from ..config import Config
 from ..utils import agetpass, ainput
@@ -42,7 +42,26 @@ class SimpleAuthenticator(Authenticator):
 
             if self.password is None:
                 self.password = await agetpass("Password: ")
-            else:
-                print("Password: *******")
 
         return self.username, self.password
+
+    def invalidate_credentials(self) -> None:
+        if self.username_fixed and self.password_fixed:
+            raise AuthException("Configured credentials are invalid")
+
+        if not self.username_fixed:
+            self.username = None
+        if not self.password_fixed:
+            self.password = None
+
+    def invalidate_username(self) -> None:
+        if self.username_fixed:
+            raise AuthException("Configured username is invalid")
+        else:
+            self.username = None
+
+    def invalidate_password(self) -> None:
+        if self.password_fixed:
+            raise AuthException("Configured password is invalid")
+        else:
+            self.password = None
diff --git a/PFERD/crawlers/ilias.py b/PFERD/crawlers/ilias.py
index 84a7c15..ed3fd9c 100644
--- a/PFERD/crawlers/ilias.py
+++ b/PFERD/crawlers/ilias.py
@@ -156,7 +156,7 @@ class KitShibbolethLogin:
                 soup = await self._authenticate_tfa(sess, soup)
 
             if not self._login_successful(soup):
-                self._auth.invalid_credentials()
+                self._auth.invalidate_credentials()
 
         # Equivalent: Being redirected via JS automatically
         # (or clicking "Continue" if you have JS disabled)