diff --git a/authserv/server.py b/authserv/server.py
index b0fe69407696edd4d0551b69ae602d4b459fb461..9ace8a21ff485c7c35e7815b9b821d117d941c3c 100644
--- a/authserv/server.py
+++ b/authserv/server.py
@@ -10,7 +10,7 @@ from flask import Flask, request, abort, make_response
 
 
 @blacklist_on_auth_failure(key_from_args(0), count=5, period=600, ttl=43200)
-@blacklist_on_auth_failure(key_from_args(4), count=5, period=600, ttl=43200,
+@blacklist_on_auth_failure(key_from_args(5), count=5, period=600, ttl=43200,
                            check_wl=True)
 def _auth(username, service, shard, password, otp_token, source_ip):
     user = app.userdb.get_user(username, service, shard)
diff --git a/authserv/test/test_server.py b/authserv/test/test_server.py
index 02473d049243a588a1d1e061e66486e6a1a40c57..28603244032e79ea77063c554913f662c8cba811 100644
--- a/authserv/test/test_server.py
+++ b/authserv/test/test_server.py
@@ -157,7 +157,7 @@ class ServerTest(unittest.TestCase):
                     'service': 'svc', 'source_ip': '1.2.3.4'})
             self.assertEquals(200, response.status_code)
             self.assertEquals(protocol.ERR_AUTHENTICATION_FAILURE, response.data,
-                              'failed at %d (t %d)' % (i, self.tick))
+                              'failed at %d (t %d): %s' % (i, self.tick, response.data))
 
     def test_blacklist_by_source_ip_whitelisted(self):
         self._create_many_users(60)