diff --git a/app/Http/Controllers/PreferencesController.php b/app/Http/Controllers/PreferencesController.php
index 6205cc8a69..04a1c7060e 100644
--- a/app/Http/Controllers/PreferencesController.php
+++ b/app/Http/Controllers/PreferencesController.php
@@ -96,7 +96,7 @@ class PreferencesController extends Controller
     public function postCode(TokenFormRequest $request)
     {
         Preferences::set('twoFactorAuthEnabled', 1);
-        Preferences::set('twoFactorAuthSecret', $request->input('secret'));
+        Preferences::set('twoFactorAuthSecret', Session::get('two-factor-secret'));
 
         Session::flash('success', 'Preferences saved!');
         Preferences::mark();