diff --git a/pkg/cli/client/client.go b/pkg/cli/client/client.go
index 021afe7d..86df4374 100644
--- a/pkg/cli/client/client.go
+++ b/pkg/cli/client/client.go
@@ -579,10 +579,12 @@ func Signin(ctx context.DnoteCtx, email, password string) (SigninResponse, error
 		return SigninResponse{}, errors.Wrap(err, "marshaling payload")
 	}
 	res, err := doReq(ctx, "POST", "/v3/signin", string(b), nil)
-
-	if res.StatusCode == http.StatusUnauthorized {
-		return SigninResponse{}, ErrInvalidLogin
-	} else if err != nil {
+	if err != nil {
+		// Check if this is a 401 Unauthorized error
+		var httpErr *HTTPError
+		if errors.As(err, &httpErr) && httpErr.StatusCode == http.StatusUnauthorized {
+			return SigninResponse{}, ErrInvalidLogin
+		}
 		return SigninResponse{}, errors.Wrap(err, "making http request")
 	}
 
diff --git a/pkg/cli/client/client_test.go b/pkg/cli/client/client_test.go
index 31b6d6c8..3bb99e93 100644
--- a/pkg/cli/client/client_test.go
+++ b/pkg/cli/client/client_test.go
@@ -124,6 +124,18 @@ func TestSignIn(t *testing.T) {
 		assert.Equal(t, result.Key, "", "Key mismatch")
 		assert.Equal(t, result.ExpiresAt, int64(0), "ExpiresAt mismatch")
 	})
+
+	t.Run("network error", func(t *testing.T) {
+		// Use an invalid endpoint that will fail to connect
+		endpoint := "http://localhost:99999/api"
+		result, err := Signin(context.DnoteCtx{APIEndpoint: endpoint, HTTPClient: testClient}, "alice@example.com", "pass1234")
+
+		if err == nil {
+			t.Error("error should have been returned for network failure")
+		}
+		assert.Equal(t, result.Key, "", "Key mismatch")
+		assert.Equal(t, result.ExpiresAt, int64(0), "ExpiresAt mismatch")
+	})
 }
 
 func TestSignOut(t *testing.T) {