diff --git a/src/proxyauth.js b/src/proxyauth.js
index aec3a66ff..22d0f62de 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -68,7 +68,7 @@ async function authorizationHeader(req, res, next) {
     if (!app.manifest.addons.proxyAuth.basicAuth) return next(); // this is a flag because this allows auth to bypass 2FA
 
     const verifyFunc = credentials.name.indexOf('@') !== -1 ? users.verifyWithEmail : users.verifyWithUsername;
-    const [verifyError, user] = await safe(verifyFunc(credentials.name, credentials.pass, appId));
+    const [verifyError, user] = await safe(verifyFunc(credentials.name, credentials.pass, appId, { relaxedTotpCheck: true }));
     if (verifyError) return next(new HttpError(403, 'Invalid username or password' ));
 
     req.user = user;