diff --git a/core/Middleware/AccountModuleMiddleware.php b/core/Middleware/AccountModuleMiddleware.php
index c7f782613f01..5ba76c88b00f 100644
--- a/core/Middleware/AccountModuleMiddleware.php
+++ b/core/Middleware/AccountModuleMiddleware.php
@@ -32,6 +32,7 @@
 use OCP\Authentication\IAccountModuleController;
 use OCP\ILogger;
 use OCP\IUserSession;
+use OC\Core\Controller\TwoFactorChallengeController;
 /**
 * Class AccountModuleMiddleware
@@ -94,6 +95,11 @@ public function beforeController($controller, $methodName) {
 return;
 }
+ if ($controller instanceof TwoFactorChallengeController) {
+ // Don't block two factor challenge
+ return;
+ }
+
 if ($this->session->isLoggedIn()) {
 $user = $this->session->getUser();
 if ($user === null) {
diff --git a/tests/Core/Middleware/AccountModuleMiddlewareTest.php b/tests/Core/Middleware/AccountModuleMiddlewareTest.php
index 6818a34b0caf..cfc3fb8ac2ce 100644
--- a/tests/Core/Middleware/AccountModuleMiddlewareTest.php
+++ b/tests/Core/Middleware/AccountModuleMiddlewareTest.php
@@ -31,6 +31,7 @@
 use OCP\IUser;
 use OCP\IUserSession;
 use Test\TestCase;
+use OC\Core\Controller\TwoFactorChallengeController;
 class AccountModuleMiddlewareTest extends TestCase {
@@ -102,6 +103,18 @@ public function testBeforeControllerAccountModuleController() {
 $this->middleware->beforeController($controller, null);
 }
+ public function testBeforeControllerSkipsTwoFactorChallengeController() {
+ $this->reflector->expects($this->once())
+ ->method('hasAnnotation')
+ ->with('PublicPage')
+ ->will($this->returnValue(false));
+ $this->userSession->expects($this->never())
+ ->method('isLoggedIn');
+
+ $controller = $this->createMock(TwoFactorChallengeController::class);
+
+ $this->middleware->beforeController($controller, null);
+ }
 public function testBeforeControllerNotLoggedIn() {
 $this->reflector->expects($this->once())
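Review bot: The new `instanceof TwoFactorChallengeController` early return in beforeController exempts every action of that controller, and of any subclass, from the account-module check, and the comment `// Don't block two factor challenge` does not say why skipping the check is safe. Presumably the check still runs on the first request after the challenge is passed, so a user an account module would reject is only deferred rather than admitted; if so, state that invariant, e.g. `// 2FA challenge must stay reachable mid-login; account modules are enforced on the next request after the challenge`. If the exemption should not widen silently as actions are added to the controller, consider also matching on `$methodName`. beforeController starts and ends outside this hunk, so the surrounding checks are not visible here.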
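Review bot: testBeforeControllerSkipsTwoFactorChallengeController pins the exemption itself but nothing in this hunk pins its scope, so an accidental widening of the bypass would still pass. A companion case that passes a mock of an unrelated controller and expects `isLoggedIn` to be called once would catch that; the following testBeforeControllerNotLoggedIn may already do so, but its body is outside the hunk. A one-line comment such as `// security: middleware must return before touching the session for the 2FA challenge` would also record why `expects($this->never())` on `isLoggedIn` is the assertion that matters.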