diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 05896ee8f..f0db0da50 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -31,7 +31,7 @@ def two_factor():
             services = service_api_client.get_active_services({'user_id': str(user_id)}).get('data', [])
             # Check if coming from new password page
             if 'password' in session['user_details']:
-                user_api_client.update_password(user.id, password=session['user_details']['password'])
+                user = user_api_client.update_password(user.id, password=session['user_details']['password'])
             if user.is_locked():
                 form.sms_code.errors.append('Code not found')
                 return render_template('views/two-factor.html', form=form)
diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py
index 5306b9c22..74d12640a 100644
--- a/app/notify_client/user_api_client.py
+++ b/app/notify_client/user_api_client.py
@@ -152,6 +152,7 @@ class UserApiClient(NotifyAdminAPIClient):
     def activate_user(self, user):
         if user.state == 'pending':
             user.state = 'active'
+            user._failed_login_count = 0
             return self.update_user(user)
         else:
             return user