If you would like to inform the caller, better to go for exceptions. But since you said you will be handling the decision, which implies internal to the component or application, I suggest you to use the ValueObject method.
Is the client going to DO anything different based on all these booleans? If it's only going to display different messages, why make the client interpret them at all. Maybe just return one authenticated boolean and a message.
Even that might be too much.
Any of that sound interesting?
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi