diff --git a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
index 8608d80..ee3a64c 100644
--- a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
+++ b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
@@ -59,7 +59,6 @@ public function authenticate(Request $request) {
     if ($result->success) {
       return $result->user;
     }
-    return FALSE;
   }
 
   /**
diff --git a/core/modules/user/src/Authentication/UserAuthFlood.php b/core/modules/user/src/Authentication/UserAuthFlood.php
index f47d58a..024c139 100644
--- a/core/modules/user/src/Authentication/UserAuthFlood.php
+++ b/core/modules/user/src/Authentication/UserAuthFlood.php
@@ -95,7 +95,7 @@ public function authenticate($username, $password, $channel, $request) {
         }
         if ($account->isBlocked()) {
           $auth_result->errorCode = AuthResult::ERROR_USER_BLOCKED;
-          $auth_result->errorMessage = $this->t('The user has not been activated or is blocked.');
+          $auth_result->errorMessage = $this->t('The username @name has not been activated or is blocked.', array('@name' => $username));
         }
         // Don't allow login if the limit for this user has been reached.
         // Default is to allow 5 failed attempts every 6 hours.
diff --git a/core/modules/user/src/Form/UserLoginForm.php b/core/modules/user/src/Form/UserLoginForm.php
index ebbbf0d..4aace24 100644
--- a/core/modules/user/src/Form/UserLoginForm.php
+++ b/core/modules/user/src/Form/UserLoginForm.php
@@ -145,8 +145,12 @@ public function validateAuthentication(array &$form, FormStateInterface $form_st
       }
       else {
         // The error messages from the authentication service are plain text,
-        // but we want proper password reset links for some of them.
+        // but we want proper password reset links and HTML markup for them.
         switch ($result->errorCode) {
+          case AuthResult::ERROR_USER_BLOCKED:
+            $form_state->setErrorByName('name', $this->t('The username %name has not been activated or is blocked.', array('%name' => $form_state->getValue('name'))));
+            break;
+
           case AuthResult::ERROR_INVALID_CREDENTIALS:
             // Use $form_state->getUserInput() in the error message to guarantee
             // that we send exactly what the user typed in. The value from
diff --git a/core/modules/user/tests/src/Functional/UserLoginHttpTest.php b/core/modules/user/tests/src/Functional/UserLoginHttpTest.php
index 3a70b5d..00c2a95 100644
--- a/core/modules/user/tests/src/Functional/UserLoginHttpTest.php
+++ b/core/modules/user/tests/src/Functional/UserLoginHttpTest.php
@@ -145,7 +145,7 @@ public function testLogin() {
           ->save();
 
         $response = $this->loginRequest($name, $pass, $format);
-        $this->assertHttpResponseWithMessage($response, 400, 'The user has not been activated or is blocked.', $format);
+        $this->assertHttpResponseWithMessage($response, 400, "The username $name has not been activated or is blocked.", $format);
 
         $account
           ->activate()