First failed factor authentication (i.e using password) is audited but
not the second failed factor authentication. This change audits the
later. The ability to view the second authentication attempts allows
better monitoring of malicious attacks when the user's password has been
compromised.