diff --git a/mealie/core/security/security.py b/mealie/core/security/security.py
index 4978764cdded..7cd8dd42c3a2 100644
--- a/mealie/core/security/security.py
+++ b/mealie/core/security/security.py
@@ -72,7 +72,9 @@ def authenticate_user(session, email: str, password: str) -> PrivateUser | bool:
 user_service.lock_user(user)
 return False
- return user
+
+ user.login_attemps = 0
+ return db.users.update(user.id, user)
 def verify_password(plain_password: str, hashed_password: str) -> bool:
diff --git a/mealie/services/user_services/user_service.py b/mealie/services/user_services/user_service.py
index 301762910e31..3ad640c8e653 100644
--- a/mealie/services/user_services/user_service.py
+++ b/mealie/services/user_services/user_service.py
@@ -23,7 +23,7 @@ class UserService(BaseService):
 unlocked = 0
 for user in locked_users:
- if force or user.is_locked and user.locked_at is not None:
+ if force or not user.is_locked and user.locked_at is not None:
 self.unlock_user(user)
 unlocked += 1
diff --git a/tests/unit_tests/services_tests/user_services/test_user_service.py b/tests/unit_tests/services_tests/user_services/test_user_service.py
index 7f6a50e85088..a543eb87b315 100644
--- a/tests/unit_tests/services_tests/user_services/test_user_service.py
+++ b/tests/unit_tests/services_tests/user_services/test_user_service.py
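Review bot: The reset in authenticate_user (`user.login_attemps = 0` followed by `return db.users.update(user.id, user)`) runs for every successful password check, and nothing visible in this hunk shows a locked account being rejected first. The function body starts outside the hunk, so this may already be handled; if it is not, a correct password on a locked account would clear the counter and return the user while `locked_at` is still set. A guard such as `if user.is_locked: return False` ahead of the reset would keep the lockout authoritative. The return value now also comes from `db.users.update(...)` rather than the loaded `user`, so it is worth confirming that call returns the `PrivateUser` that the `PrivateUser | bool` annotation promises.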
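Review bot: The condition `if force or not user.is_locked and user.locked_at is not None:` mixes `or`, `not` and `and` without parentheses, which makes an inverted term easy to miss; it parses as `force or ((not user.is_locked) and (user.locked_at is not None))`. Writing it as `if force or (user.locked_at is not None and not user.is_locked):` with a comment such as `# lock window has elapsed, safe to clear` would make the intent explicit. Judging by the test in this commit, `is_locked` appears to be time-based, and a short remark saying so at this line would help the next reader. The loop and the query that builds `locked_users` sit outside the hunk, and `force` still unlocks every listed account regardless of the lock window, so it is worth confirming that only administrative callers can set it.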
@@ -61,3 +61,34 @@ def test_lock_unlocker_user(database: AllRepositories, unique_user: TestUser) ->
 # Sanity check that the is_locked property is working
 user.locked_at = datetime.now() - timedelta(days=2)
 assert not user.is_locked
+
+
+def test_reset_locked_users(database: AllRepositories, unique_user: TestUser) -> None:
+ user_service = UserService(database)
+
+ # Test that the user is unlocked
+ user = database.users.get_one(unique_user.user_id)
+ assert not user.is_locked
+ assert not user.locked_at
+
+ # Test that the user is locked
+ user.login_attemps = 5
+ user = user_service.lock_user(user)
+ assert user.is_locked
+ assert user.login_attemps == 5
+
+ # Test that the locked user is not unlocked by reset
+ unlocked = user_service.reset_locked_users()
+ user = database.users.get_one(unique_user.user_id)
+ assert unlocked == 0
+ assert user.is_locked
+ assert user.login_attemps == 5
+
+ # Test that the locked user is unlocked by reset
+ user.locked_at = datetime.now() - timedelta(days=2)
+ database.users.update(user.id, user)
+ unlocked = user_service.reset_locked_users()
+ user = database.users.get_one(unique_user.user_id)
+ assert unlocked == 1
+ assert not user.is_locked
+ assert user.login_attemps == 0
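Review bot: The new test_reset_locked_users covers the expiry path of reset_locked_users but not the other behaviour change in this commit, the counter reset on a successful login in authenticate_user, nor the `force` branch. A case that sets `login_attemps` to a non-zero value below the lock threshold, authenticates with the correct password and asserts `user.login_attemps == 0` on the re-fetched user would pin that path. It would also be worth asserting that a locked account presenting the right password is still refused, in whatever way the project signals that. For the forced path, something like `unlocked = user_service.reset_locked_users(force=True)` against a freshly locked user would do, assuming `force` is a keyword parameter.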