diff --git a/src/auth/password/PasswordAuthMethod.ts b/src/auth/password/PasswordAuthMethod.ts
index 11993d6..c3f053c 100644
--- a/src/auth/password/PasswordAuthMethod.ts
+++ b/src/auth/password/PasswordAuthMethod.ts
@@ -54,10 +54,10 @@ export default class PasswordAuthMethod implements AuthMethod
 await this.app.as(AuthComponent).getAuthGuard().authenticateOrRegister(req.getSession(), passwordAuthProof);
 } catch (e) {
 if (e instanceof AuthError) {
- Throttler.throttle('login_failed_attempts_user', 3, 180000,
- user.getOrFail('name'), 1000, 60000);
- Throttler.throttle('login_failed_attempts_ip', 5, 60000,
- req.ip, 1000, 60000);
+ Throttler.throttle('login_failed_attempts_user', 3, 3 * 60 * 1000, // 3min
+ user.getOrFail('name'), 1000, 60 * 1000); // 1min
+ Throttler.throttle('login_failed_attempts_ip', 50, 60 * 1000, // 1min
+ req.ip, 1000, 3600 * 1000); // 1h
 if (e instanceof PendingApprovalAuthError) {
 req.flash('error', 'Your account is still being reviewed.');
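Review bot: The `login_failed_attempts_ip` call raises the per-IP allowance from 5 to 50 failed logins per minute with no stated reason, and this is the only limit here that is not keyed on a single username. Assuming the second argument is the permitted count per window (as the `// 1min` comments suggest), one address can now fail against many different accounts before being held, so the longer 1h final value only takes effect after a much larger burst. If the increase is meant for users behind shared NAT or a reverse proxy, record that next to the call, e.g. `// 50/min per IP: shared egress addresses; per-user limit above stays at 3`. Also confirm that `req.ip` resolves to the real client and not the proxy address or a client-supplied forwarding header. The positional numbers would be easier to audit as named constants, and the enclosing `catch` block starts and ends outside the hunk.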