diff --git a/Sources/xcodeinstall/API/AuthenticationMFA.swift b/Sources/xcodeinstall/API/AuthenticationMFA.swift
index b5689a8..b282555 100644
--- a/Sources/xcodeinstall/API/AuthenticationMFA.swift
+++ b/Sources/xcodeinstall/API/AuthenticationMFA.swift
@@ -145,9 +145,15 @@ extension AppleAuthenticator {
                                       method: .POST,
                                       body: try JSONEncoder().encode(body),
                                       headers: requestHeader,
-                                      validResponse: .range(200..<400))
-
-        try await self.saveSession(response: response, session: session)
+                                      validResponse: .range(200..<404))
+
+        if response.statusCode == 400 {
+            throw AuthenticationError.invalidPinCode
+        } else if response.statusCode == 403 {
+            throw AuthenticationError.unexpectedHTTPReturnCode(code: 403)
+        } else {
+            try await self.saveSession(response: response, session: session)
+        }
 
         // should we save additional cookies ?
         // return (try await getDESCookie(), session)
diff --git a/Sources/xcodeinstall/API/NetworkAgent.swift b/Sources/xcodeinstall/API/NetworkAgent.swift
index 5afac45..989d8aa 100644
--- a/Sources/xcodeinstall/API/NetworkAgent.swift
+++ b/Sources/xcodeinstall/API/NetworkAgent.swift
@@ -130,7 +130,7 @@ class NetworkAgent {
         let (data, response) = try await httpClient.data(for: request)
         guard let httpResponse = response as? HTTPURLResponse,
               validResponse.isValid(response: httpResponse.statusCode) else {
-            logger.error("=== HTTP ERROR. Status code not in range \(validResponse) ===")
+            logger.error("=== HTTP ERROR. Status code \((response as? HTTPURLResponse)!.statusCode) not in range \(validResponse) ===")
             logger.debug("URLResponse : \(response)")
             throw URLError(.badServerResponse)
         }