diff --git a/models/forms/login.js b/models/forms/login.js
index 5e63757b..08d33205 100644
--- a/models/forms/login.js
+++ b/models/forms/login.js
@@ -33,7 +33,7 @@ module.exports = async (req, res) => {
 	const passwordMatch = await bcrypt.compare(password, account.passwordHash);
 
 	//2fA (TOTP) validation
-	const delta = await doTwoFactor(username, account.twofactor, req.body.twofactor);
+	const delta = await doTwoFactor(username, account.twofactor, req.body.twofactor || "");
 
 	//if password was correct and 2fa valid (if enabled)
 	if (passwordMatch === false