diff --git a/core/user.js b/core/user.js
index a712829c..609a9e43 100644
--- a/core/user.js
+++ b/core/user.js
@@ -152,6 +152,7 @@ module.exports = class User {
 if(!_.has(tempUser.properties, UserProps.AccountLockedPrevStatus)) {
 props[UserProps.AccountLockedPrevStatus] = tempUser.getProperty(UserProps.AccountStatus);
 }
+ Log.info( { userId, failedAttempts }, '(Re)setting account to locked due to failed logins');
 return tempUser.persistProperties(props, callback);
 }
@@ -243,6 +244,10 @@ module.exports = class User {
 const minutesSinceLocked = moment().diff(lockedTs, 'minutes');
 if(minutesSinceLocked >= autoUnlockMinutes) {
 // allow the login - we will clear any lock there
+ Log.info(
+ { username, userId : tempAuthInfo.userId, lockedAt : lockedTs.format() },
+ 'Locked account will now be unlocked due to auto-unlock minutes policy'
+ );
 return callback(null);
 }
 }
diff --git a/core/user_login.js b/core/user_login.js
index be2a99a1..fa9ae676 100644
--- a/core/user_login.js
+++ b/core/user_login.js
@@ -24,14 +24,13 @@ function userLogin(client, username, password, cb) {
 const config = Config();
 if(err) {
- client.log.info( { username : username, error : err.message }, 'Failed login attempt');
-
 client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
 const disconnect = config.users.failedLogin.disconnect;
 if(disconnect > 0 && client.user.sessionFailedLoginAttempts >= disconnect) {
- return cb(Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany));
+ err = Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany);
 }
+ client.log.info( { username : username, error : err.message }, 'Failed login attempt');
 return cb(err);
 }
diff --git a/core/web_password_reset.js b/core/web_password_reset.js
index 06fd7838..ceefe9c5 100644
--- a/core/web_password_reset.js
+++ b/core/web_password_reset.js
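Review bot: The new lockout entry `Log.info( { userId, failedAttempts }, ...)` records only `userId`, while the auto-unlock entry added later in this same file logs `username` and `userId` together; for a lockout audit trail that can be correlated across events the two entries should carry the same identity fields, e.g. `Log.info( { username : tempUser.username, userId, failedAttempts }, '(Re)setting account to locked due to failed logins');` — assuming `tempUser.username` is populated at this point, which the hunk does not show. An account being locked for repeated failures is a security event that operators usually alert on, so `Log.warn` is arguably the better level than `info`. The enclosing method starts outside the hunk.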
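Review bot: The message `'Locked account will now be unlocked due to auto-unlock minutes policy'` is written before any unlock happens; the comment on the line above says the lock is only cleared later when the login proceeds, so if that login then fails the log asserts an unlock that never took place. Phrase it as the decision being made here rather than the outcome, e.g. `'Lock expired per auto-unlock minutes policy; allowing login attempt'`, and log the actual unlock where it is performed. `lockedTs.format()` relies on `lockedTs` being a moment object, which the `moment().diff(lockedTs, 'minutes')` line above supports. The enclosing function starts outside the hunk.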
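Review bot: Moving `client.log.info(...)` below `err = Errors.BadLogin(...)` means that once the disconnect threshold is reached the log records only 'To many failed login attempts' and the original failure reason (wrong password, locked account, and so on) is no longer recorded anywhere. Capture it before the reassignment, e.g. `const reason = err.message;` at the top of the `if(err)` block and `client.log.info( { username : username, error : err.message, reason, attempts : client.user.sessionFailedLoginAttempts }, 'Failed login attempt');`, which also puts the per-session attempt count into the entry that detection rules will key on. The re-added string still carries the typo 'To many' for 'Too many'. Reassigning the callback parameter `err` works but is easy to misread; a separately declared `let` would make the substitution explicit. The enclosing callback starts outside the hunk.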
@@ -288,6 +288,10 @@ class WebPasswordReset {
 user.removeProperties([ UserProps.EmailPwResetToken, UserProps.EmailPwResetTokenTs ]);
 if(true === _.get(config, 'users.unlockAtEmailPwReset')) {
+ Log.info(
+ { username : user.username, userId : user.userId },
+ 'Remove any lock on account due to password reset policy'
+ );
 user.unlockAccount( () => { /* dummy */ } );
 }
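Review bot: The new log line states that the lock is being removed, but `user.unlockAccount( () => { /* dummy */ } )` on the next line discards the callback's result, so a failed unlock leaves a misleading audit entry and surfaces no error anywhere. Give the callback a body that reports failure, e.g. `user.unlockAccount( err => { if(err) { Log.warn( { error : err.message, userId : user.userId }, 'Failed to unlock account at password reset'); } } );`, assuming the logger used for `Log.info` here also exposes `warn`. Whether `unlockAccount` passes an error as the first callback argument is not visible in the hunk and should be confirmed in `core/user.js`. The enclosing method starts outside the hunk.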