diff --git a/src/Umbraco.Core/Auditing/IdentityAuditEventArgs.cs b/src/Umbraco.Core/Auditing/IdentityAuditEventArgs.cs
index 745bf4e692..55d8386d21 100644
--- a/src/Umbraco.Core/Auditing/IdentityAuditEventArgs.cs
+++ b/src/Umbraco.Core/Auditing/IdentityAuditEventArgs.cs
@@ -14,6 +14,11 @@ namespace Umbraco.Core.Auditing
 public int PerformingUser { get; set; }
 public string Comment { get; set; }

+ ///
+ /// This property is always empty except in the LoginFailed event for an unknown user trying to login
+ ///
+ public string Username { get; set; }
+
 public IdentityAuditEventArgs(AuditEvent action, string ipAddress = "", int performingUser = -1)
 {
 DateTimeUtc = DateTime.UtcNow;
diff --git a/src/Umbraco.Core/Security/BackOfficeUserManager.cs b/src/Umbraco.Core/Security/BackOfficeUserManager.cs
index 5e691257be..bec2b657b2 100644
--- a/src/Umbraco.Core/Security/BackOfficeUserManager.cs
+++ b/src/Umbraco.Core/Security/BackOfficeUserManager.cs
@@ -386,6 +386,15 @@ namespace Umbraco.Core.Security
 });
 }

+ public void RaiseInvalidLoginAttemptEvent(string username)
+ {
+ OnLoginFailed(new IdentityAuditEventArgs(AuditEvent.LoginFailed)
+ {
+ Username = username,
+ Comment = string.Format("Attempted login for username '{0}' failed", username)
+ });
+ }
+
 ///
 /// Clears a lock so that the membership user can be validated.
 ///
diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs
index e49b566ebb..12dd568531 100644
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
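Review bot: `RaiseInvalidLoginAttemptEvent` in BackOfficeUserManager.cs copies the caller-supplied `username` unchanged into both `Username` and the formatted `Comment`, and the only caller in this commit passes the raw login form value, so unauthenticated input of any length or content (line breaks, markup, a password typed into the wrong field) lands in the audit record. Bound and normalise the value before building the event, and have anything that renders `Comment` treat it as untrusted text. The event is also built with the constructor's default `ipAddress = ""`; the constructor body is outside the hunk, so confirm the source address is still filled in, since a failed-login record without it is of little use for detection. The new public method has no XML doc, unlike the member after it; `/// <summary>Raises the LoginFailed audit event for a failed sign-in; <paramref name="username"/> is unvalidated request input.</summary>` would fit.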
@@ -185,10 +185,12 @@ namespace Umbraco.Web.Editors
 case SignInStatus.LockedOut:
 case SignInStatus.Failure:
 default:
- //return BadRequest (400), we don't want to return a 401 because that get's intercepted
+ //return BadRequest (400), we don't want to return a 401 because that get's intercepted
 // by our angular helper because it thinks that we need to re-perform the request once we are
- // authorized and we don't want to return a 403 because angular will show a warning msg indicating
- // that the user doesn't have access to perform this function, we just want to return a normal invalid msg.
+ // authorized and we don't want to return a 403 because angular will show a warning msg indicating
+ // that the user doesn't have access to perform this function, we just want to return a normal invalid msg.
+ if (UserManager != null)
+ UserManager.RaiseInvalidLoginAttemptEvent(loginModel.Username);
 throw new HttpResponseException(HttpStatusCode.BadRequest);
 }
 }
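Review bot: The added call sits in the shared `LockedOut` / `Failure` / `default` branch, so it fires for every unsuccessful sign-in, including existing and locked-out accounts, while the `Username` summary added in IdentityAuditEventArgs.cs says the property is set only for an unknown user; narrow the call or reword that summary so audit consumers are not misled. If the user manager already raises a login-failed event for known accounts (not visible in this diff), those attempts would be recorded twice. The `if (UserManager != null)` guard has no braces and silently drops the audit record when the manager is null; `if (UserManager != null) { UserManager.RaiseInvalidLoginAttemptEvent(loginModel.Username); }` keeps the guard explicit, and a null `loginModel.Username` would be formatted into the comment as an empty name. The enclosing action method starts outside the hunk.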