diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 9423d337b8..a82fe7065b 100644 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -45,6 +45,8 @@ use Illuminate\Http\Request; use Illuminate\Support\Collection; use Laravel\Passport\ClientRepository; use Log; +use PragmaRX\Recovery\Recovery; +use Preferences; /** * Class ProfileController. @@ -140,9 +142,20 @@ class ProfileController extends Controller $secret = Google2FA::generateSecretKey(); session()->flash('two-factor-secret', $secret); + // generate recovery codes: + $recovery = app( Recovery::class); + $recoveryCodes =$recovery->lowercase() + ->setCount(8) // Generate 8 codes + ->setBlocks(2) // Every code must have 7 blocks + ->setChars(6) // Each block must have 16 chars + ->toArray(); + $codes = implode("\r\n", $recoveryCodes); + + Preferences::set('mfa_recovery', $recoveryCodes); + $image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret); - return view('profile.code', compact('image', 'secret')); + return view('profile.code', compact('image', 'secret','codes')); } /** @@ -234,18 +247,18 @@ class ProfileController extends Controller */ public function enable2FA() { - die('this method is deprecated.'); - $hasSecret = (null !== app('preferences')->get('twoFactorAuthSecret')); + /** @var User $user */ + $user = auth()->user(); + $enabledMFA = null !== $user->mfa_secret; // if we don't have a valid secret yet, redirect to the code page to get one. - if (!$hasSecret) { + if (!$enabledMFA) { return redirect(route('profile.code')); } // If FF3 already has a secret, just set the two factor auth enabled to 1, // and let the user continue with the existing secret. - - app('preferences')->set('twoFactorAuthEnabled', 1); + session()->flash('info', (string)trans('firefly.2fa_already_enabled')); return redirect(route('profile.index')); } 
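Review bot: The recovery codes are persisted with `Preferences::set('mfa_recovery', $recoveryCodes)` while the setup page is being rendered, before any token has been confirmed, so every visit to this page replaces the stored set, even for a user who never completes setup. They are also stored exactly as generated; unless the preferences store encrypts values (not visible in this hunk), each code is a second-factor substitute readable by anyone with database access, so storing only a hash of each code would be safer. I would carry the codes in the session next to the secret and persist them in postCode() once the token has validated. The inline comments contradict the values: `->setBlocks(2) // Every code must have 7 blocks` and `->setChars(6) // Each block must have 16 chars` should read `// 2 blocks per code` and `// 6 characters per block`. The enclosing method starts outside the hunk.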
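Review bot: The comment kept above the new `session()->flash('info', ...)` line in enable2FA() still says the method will "just set the two factor auth enabled to 1" and let the user continue with the existing secret, which the new code no longer does. Replace it with something like `// MFA is already active for this user: report that and return to the profile page.` The `/** @var User $user */` annotation does not protect against `auth()->user()` returning null before `$user->mfa_secret` is read; presumably the route is behind auth middleware, which is worth confirming.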
@@ -388,9 +401,14 @@ class ProfileController extends Controller */ public function postCode(TokenFormRequest $request) { - die('this method is deprecated'); - app('preferences')->set('twoFactorAuthEnabled', 1); - app('preferences')->set('twoFactorAuthSecret', session()->get('two-factor-secret')); + /** @var User $user */ + $user = auth()->user(); + /** @var UserRepositoryInterface $repository */ + $repository = app(UserRepositoryInterface::class); + /** @var string $secret */ + $secret = session()->get('two-factor-secret'); + + $repository->setMFACode($user, $secret); session()->flash('success', (string)trans('firefly.saved_preferences')); app('preferences')->mark(); diff --git a/resources/lang/en_US/firefly.php b/resources/lang/en_US/firefly.php index 4b73be09bd..26e45502e6 100644 --- a/resources/lang/en_US/firefly.php +++ b/resources/lang/en_US/firefly.php @@ -486,7 +486,7 @@ return [ 'pref_two_factor_auth_code_help' => 'Scan the QR code with an application on your phone such as Authy or Google Authenticator and enter the generated code.', 'pref_two_factor_auth_reset_code' => 'Reset verification code', 'pref_two_factor_auth_disable_2fa' => 'Disable 2FA', - '2fa_use_secret_instead' => 'If you cannot scan the QR code, feel free to use the secret instead: :secret.', + '2fa_use_secret_instead' => 'If you cannot scan the QR code, feel free to use the secret instead: :secret.', '2fa_backup_codes' => 'Store these backup codes for access in case you lose your device.', '2fa_already_enabled' => '2-step verification is already enabled.', 'pref_save_settings' => 'Save settings', diff --git a/resources/views/v1/profile/code.twig b/resources/views/v1/profile/code.twig index a1288322bd..da17e20b06 100644 --- a/resources/views/v1/profile/code.twig +++ b/resources/views/v1/profile/code.twig @@ -8,7 +8,7 @@
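Review bot: `session()->get('two-factor-secret')` returns null once the flashed value is gone, and the `/** @var string $secret */` annotation hides that from static analysis, so `$repository->setMFACode($user, $secret)` can be reached without a secret. The value is only flashed by the setup page; whether TokenFormRequest rejects a submission when it is missing is not visible in this hunk. Because enable2FA() treats a null `mfa_secret` as "MFA not enabled", I would add a guard before the repository call: `if (!is_string($secret) || '' === $secret) { return redirect(route('profile.code')); }`. postCode() continues past the end of the hunk.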
-
+

{{ 'pref_two_factor_auth_code'|_ }}

@@ -23,15 +23,19 @@ style="border:1px #ddd solid;"/>

- {{ trans('firefly.2fa_use_secret_instead', {secret: secret}) }} + {{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }}

+

+ {{ '2fa_backup_codes'|_ }} +

+
{{ codes }}
-
+
{{ ExpandedForm.text('code', code) }}