diff --git a/botocross/iam/__init__.py b/botocross/iam/__init__.py
index 50cd383..3550b89 100644
--- a/botocross/iam/__init__.py
+++ b/botocross/iam/__init__.py
@@ -21,3 +21,6 @@
 
 import logging
 iam_log = logging.getLogger('botocross.iam')
+
+RESOURCE_NONEXISTENT = '<nonexistent>'
+RESOURCE_UNAUTHORIZED = '<unauthorized>'
diff --git a/botocross/iam/accountinfo.py b/botocross/iam/accountinfo.py
index 4ec5ca2..af68530 100644
--- a/botocross/iam/accountinfo.py
+++ b/botocross/iam/accountinfo.py
@@ -20,6 +20,7 @@
 # IN THE SOFTWARE.
 
 import boto
+import botocross.iam
 import logging
 
 class AccountInfo:
@@ -32,7 +33,7 @@ def __init__(self, iam_connection):
         self.log = logging.getLogger('boto_cli.iam.AccountInfo')
         self.user = None
         # populate those attributes not leaked via the exception, if user has no permission for iam:ListAccountAliases
-        self.alias = '<not authorized>'
+        self.alias = botocross.iam.RESOURCE_UNAUTHORIZED
 
     def __repr__(self):
         return '<AccountInfo - alias:%s id:%s>' % (self.alias, self.id)
@@ -41,12 +42,16 @@ def describe(self, user=None):
         self.account = {}
         try:
             alias = self.connection.get_account_alias()
-            self.alias = alias['list_account_aliases_response']['list_account_aliases_result']['account_aliases'][0]
+            aliases = alias['list_account_aliases_response']['list_account_aliases_result']['account_aliases']
+            # Is there an alias at all? If so, use the first one (currently only one alias is supported).
+            if len(aliases):
+                self.alias = alias['list_account_aliases_response']['list_account_aliases_result']['account_aliases'][0]
+            else:
+                self.alias = botocross.iam.RESOURCE_NONEXISTENT
         except boto.exception.BotoServerError, e:
             # NOTE: given some information can be deduced from the exception still, the lack of permissions is
             # considered a normal condition still and the exception handled/logged accordingly.
-            # TODO: Identify proper exception code for this condition (rather than raising InvalidClientTokenId only).
-            if e.error_code == 'InvalidClientTokenId':
+            if e.error_code != 'AccessDenied':
                 raise
             self.log.debug(e.error_message)
         try:
@@ -60,8 +65,7 @@ def describe(self, user=None):
         except boto.exception.BotoServerError, e:
             # NOTE: given some information can be deduced from the exception still, the lack of permissions is
             # considered a normal condition still and the exception handled/logged accordingly.
-            # TODO: Identify proper exception code for this condition (rather than raising InvalidClientTokenId only).
-            if e.error_code == 'InvalidClientTokenId':
+            if e.error_code != 'AccessDenied':
                 raise
             self.id = e.error_message.replace('User: arn:aws:iam::', '').partition(':')[0]
             self.log.debug(e.error_message)
diff --git a/botocross/iam/userinfo.py b/botocross/iam/userinfo.py
index 43beb70..56aca36 100644
--- a/botocross/iam/userinfo.py
+++ b/botocross/iam/userinfo.py
@@ -20,6 +20,7 @@
 # IN THE SOFTWARE.
 
 import boto
+import botocross.iam
 import logging
 
 class UserInfo:
@@ -31,9 +32,9 @@ def __init__(self, iam_connection):
         self.connection = iam_connection
         self.log = logging.getLogger('boto_cli.iam.UserInfo')
         # populate those attributes not leaked via the exception, if user has no permission for iam:GetUser
-        self.path = '<not authorized>'
-        self.create_date = '<not authorized>'
-        self.id = '<not authorized>'  # TODO: could be deduced from credentials in use instead.
+        self.path = botocross.iam.RESOURCE_UNAUTHORIZED
+        self.create_date = botocross.iam.RESOURCE_UNAUTHORIZED
+        self.id = botocross.iam.RESOURCE_UNAUTHORIZED  # TODO: could be deduced from credentials in use instead.
 
     def __repr__(self):
         return '<UserInfo - path:%s create_date:%s id:%s arn:%s name:%s>' % (self.path, self.create_date, self.id, self.arn, self.name)
@@ -50,8 +51,7 @@ def describe(self):
         except boto.exception.BotoServerError, e:
             # NOTE: given some information can be deduced from the exception still, the lack of permissions is
             # considered a normal condition still and the exception handled/logged accordingly.
-            # TODO: Identify proper exception code for this condition (rather than raising InvalidClientTokenId only).
-            if e.error_code == 'InvalidClientTokenId':
+            if e.error_code != 'AccessDenied':
                 raise
             self.arn = e.error_message.rpartition(' ')[2]
             self.name = e.error_message.rpartition('/')[2]
diff --git a/setup.py b/setup.py
index 3c7263f..e7353d8 100644
--- a/setup.py
+++ b/setup.py
@@ -9,7 +9,7 @@
     sys.exit(1)
 
 setup(name="botocross",
-      version="1.0.8",
+      version="1.0.9",
       author="Steffen Opel",
       packages=find_packages(),
       scripts=[