diff --git a/auth/views.py b/auth/views.py
index 1b6069b593..fa8c56933f 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -74,8 +74,10 @@ def login_user(request, error=""):
             log.critical("Login failed - Could not create session. Is memcached running?")
             log.exception(e)
 
+        log.info("Login success - {0} ({1})".format(username, email))
         return HttpResponse(json.dumps({'success':True}))
 
+    log.warning("Login failed - Account not active for user {0}".format(username))
     return HttpResponse(json.dumps({'success':False, 
                                     'error': 'Account not active. Check your e-mail.'}))
 
diff --git a/track/middleware.py b/track/middleware.py
index 407f64b992..6905ae86f3 100644
--- a/track/middleware.py
+++ b/track/middleware.py
@@ -5,10 +5,11 @@ from django.conf import settings
 import views
 
 class TrackMiddleware:
-    def process_request (self, request):
+    def process_request(self, request):
         try:
-            # We're already logging events
-            if request.META['PATH_INFO'] == '/event':
+            # We're already logging events, and we don't want to capture user
+            # names/passwords.
+            if request.META['PATH_INFO'] in ['/event', '/login']:
                 return
             
             event = { 'GET'  : dict(request.GET),