diff --git a/NEWS b/NEWS
index 365ed8ad..cd91fbfc 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@
 - Report additional statistics to syslog and occtl, such as authentication failures,
   total sessions handled, total amount of data transferred, average session and
   authentication time.
+- Increased the default max-ban-score to 8 wrong password attempts, and
+  increased the default IP ban time to 20 minutes.
 
 
 * Version 0.11.7 (released 2017-02-12)
diff --git a/doc/sample.config b/doc/sample.config
index 7754ce44..57f4acad 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -328,10 +328,10 @@ min-reauth-time = 300
 # locally from an HTTP server (i.e., when listen-clear-file is used).
 #
 # Set to zero to disable.
-max-ban-score = 50
+max-ban-score = 80
 
 # The time (in seconds) that all score kept for a client is reset.
-ban-reset-time = 300
+ban-reset-time = 1200
 
 # In case you'd like to change the default points.
 #ban-points-wrong-password = 10
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 111a28d9..ee97e3e2 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -425,10 +425,10 @@ min-reauth-time = 120
 # locally from an HTTP server (i.e., when listen-clear-file is used).
 #
 # Set to zero to disable.
-max-ban-score = 50
+max-ban-score = 80
 
 # The time (in seconds) that all score kept for a client is reset.
-ban-reset-time = 300
+ban-reset-time = 1200
 
 # In case you'd like to change the default points.
 #ban-points-wrong-password = 10