diff --git a/Security/Services/AuthService.cs b/Security/Services/AuthService.cs
index 4951608..732c031 100644
--- a/Security/Services/AuthService.cs
+++ b/Security/Services/AuthService.cs
@@ -156,8 +156,13 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
                     var totp = new TotpService(firstTokenAuth.Secret);
 
                     if (!totp.VerifyToken(code))
+                    {
+                        await RecordFailedLoginAttempt(requestContext.Fingerprint, firstTokenAuth.UserId, cancellation);
                         throw new SecurityException("Invalid verification code. Please try again.");
                 }
+
+                    await ResetFailedLoginAttempts(requestContext.Fingerprint, cancellation);
+                }
                 break;
             default:
                 throw new InvalidOperationException("Unsupported authorization method.");