diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
index 8a474c459..ec3cfb03f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
@@ -48,7 +48,10 @@ sub init {
 if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) { my $lockTimes = @{ $self->lockTimes } = sort { $a <=> $b }
- map { $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? $_ : () }
+ map {
+ $_ =~ s/\D//;
+ $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? $_ : ()
+ }
 grep { /\d+/ } split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes};
@@ -67,7 +70,7 @@ sub init {
 $lockTimes++; }
- if ( $lockTimes > $self->conf->{failedLoginNumber} ) {
+ unless ( $lockTimes < $self->conf->{failedLoginNumber} ) {
 $self->logger->warn( 'Number of incremental lock time values plus allowed failed logins attempt(' . "$lockTimes) is higher than failed logins history ("
diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t
index 0c98e0e8b..fe437f2a9 100644
--- a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t
+++ b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t
@@ -10,15 +10,16 @@ my $res;
 my $client = LLNG::Manager::Test->new(
 {
 ini => {
- logLevel => 'error',
+ logLevel => 'debug',
 authentication => 'Demo',
 userDB => 'Same',
 loginHistoryEnabled => 1,
 bruteForceProtection => 1,
 bruteForceProtectionIncrementalTempo => 1,
- failedLoginNumber => 4,
+ failedLoginNumber => 5,
 bruteForceProtectionMaxLockTime => 300,
- bruteForceProtectionLockTimes => '5 500 bad 20 10 ',
+ bruteForceProtectionLockTimes => '5 , 500, bad ,20, 10 ',
+ bruteForceProtectionMaxFailed => 2,
 }
 }
 );
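Review bot: `$_ =~ s/\D//;` removes only the first non-digit character and never checks that what is left is a whole number, so an entry like `30 s` becomes `30s` (stored as-is, numified to 30 with an "isn't numeric" warning at every comparison), `5.5` silently becomes `55` and `1e3` becomes `13`; the `grep { /\d+/ }` that feeds the map does not help because it accepts any value containing a digit. Since this list decides how long an account stays locked, a mis-parsed entry quietly shortens or lengthens the lock instead of being rejected. Trim and then require an all-digit value inside the map: `s/\A\s+|\s+\z//g;` followed by `/\A\d+\z/ && $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? $_ : ()`, and consider logging the entries that are dropped at warn level so a misconfiguration is visible. `init` continues outside the hunk.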
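Review bot: `unless ( $lockTimes < $self->conf->{failedLoginNumber} )` now also fires when the two values are equal, but the warning that follows still says the count "is higher than" the failed logins history, so the message is wrong in exactly the case the commit adds. A positive comparison reads more clearly and should match the text: `if ( $lockTimes >= $self->conf->{failedLoginNumber} ) {` with the message reworded to "is not lower than". If equality is deliberate because the history needs one spare slot, a one-line comment saying so would save the next reader the same question. `init` and the warn call continue outside the hunk.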
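Review bot: `logLevel => 'debug'` replaces `'error'` in the test fixture; if it was raised while debugging the parser change, consider reverting to `logLevel => 'error',` so the test run stays quiet. The remaining changes (`bruteForceProtectionLockTimes => '5 , 500, bad ,20, 10 '` with a non-numeric entry and a trailing blank, `failedLoginNumber => 5`, `bruteForceProtectionMaxFailed => 2`) exercise the new trimming path and look intentional. The fixture hash continues past the hunk only as closing braces.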
@@ -38,6 +39,36 @@ my $id = expectCookie($res);
 expectRedirection( $res, 'http://auth.example.com/' ); $client->logout($id);
+## First allowed failed login
+ok(
+ $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=ohwd'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ '1st allowed Bad Auth query'
+);
+ok( $res->[2]->[0] =~ /<\/span>/,
+ 'Bad credential' )
+ or print STDERR Dumper( $res->[2]->[0] );
+count(2);
+
+## Second allowed failed login
+ok(
+ $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=ohwd'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ '2nd allowed Bad Auth query'
+);
+ok( $res->[2]->[0] =~ /<\/span>/,
+ 'Bad credential' )
+ or print STDERR Dumper( $res->[2]->[0] );
+count(2);
+
 ## First failed connection
 ok(
 $res = $client->_post(
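Review bot: `ok( $res->[2]->[0] =~ /<\/span>/, 'Bad credential' )` — at least as the pattern appears here — matches any closing span in the returned page, so it cannot distinguish the bad-credential message from a plain login form or from the lockout page; if the committed pattern really is that loose, anchor it on the element and attribute the portal uses to flag a bad credential so the assertion fails when a different message is rendered. The two "allowed" blocks are identical apart from the description, and each carries its own `count(2)`; a loop over the attempt number removes the duplication and keeps the bookkeeping in one place. The trailing context belongs to the pre-existing "First failed connection" block, which continues outside the hunk.
```perl
for my $attempt ( 1, 2 ) {
    ok(
        $res = $client->_post(
            '/', IO::String->new('user=dwho&password=ohwd'),
            length => 23, accept => 'text/html',
        ),
        "Allowed Bad Auth query $attempt"
    );
    # … unchanged: 'Bad credential' assertion (with a tightened pattern) and count(2) …
}
```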