diff --git a/src/routes/profile.js b/src/routes/profile.js
index 0b1ef2e62..4415fa804 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -87,6 +87,9 @@ function enableTwoFactorAuthentication(req, res, next) {
 if (!req.body.totpToken || typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a nonempty string'));
 user.enableTwoFactorAuthentication(req.user.id, req.body.totpToken, function (error) {
+ if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
+ if (error && error.reason === UserError.BAD_TOKEN) return next(new HttpError(403, 'Invalid token'));
+ if (error && error.reason === UserError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is already enabled'));
 if (error) return next(new HttpError(500, error));
 next(new HttpSuccess(202, {}));
 });
diff --git a/src/user.js b/src/user.js
index 0c54665c9..377dd13f5 100644
--- a/src/user.js
+++ b/src/user.js
@@ -573,7 +573,7 @@ function setTwoFactorAuthenticationSecret(userId, callback) {
 if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
- if (result.twoFactorAuthenticationEnabled) return callback(new UserError(UserError.ALREADY_EXISTS, 'TwoFactor Authentication is enabled, disable first'));
+ if (result.twoFactorAuthenticationEnabled) return callback(new UserError(UserError.ALREADY_EXISTS));
 var secret = speakeasy.generateSecret({ name: 'cloudron' });
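Review bot: The three new branches in the `user.enableTwoFactorAuthentication` callback of src/routes/profile.js reference `UserError`, but no hunk in this diff adds a require for it in that file. The require block is outside the hunk, so confirm the name is already in scope; otherwise any non-null error throws a ReferenceError inside the callback instead of producing the 404/403/409. Separately, the unchanged fall-through `if (error) return next(new HttpError(500, error));` passes the raw error object into the HTTP error, which may expose internal detail to the client. A fixed message with the detail logged server-side would be safer. A one-line comment above the branches, e.g. `// map UserError reasons to HTTP status; user-facing text lives in the route, not in user.js`, would record where the wording now belongs.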
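Review bot: Dropping the message from `UserError.ALREADY_EXISTS` in setTwoFactorAuthenticationSecret (src/user.js, hunk at line 573) removes the 'disable first' hint, and the route handler that calls this function is not part of the diff. If that handler has no branch for `error.reason === UserError.ALREADY_EXISTS`, the conflict would presumably fall into a generic error path, so it should get the same 409 mapping the enable route gets in src/routes/profile.js. The function begins before the hunk and continues past it.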
@@ -599,9 +599,9 @@ function enableTwoFactorAuthentication(userId, totpToken, callback) {
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
 var verified = speakeasy.totp.verify({ secret: result.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken });
- if (!verified) return callback(new UserError(UserError.BAD_TOKEN, 'Invalid token'));
+ if (!verified) return callback(new UserError(UserError.BAD_TOKEN));
- if (result.twoFactorAuthenticationEnabled) return callback(new UserError(UserError.ALREADY_EXISTS, 'TwoFactor Authentication is already enabled'));
+ if (result.twoFactorAuthenticationEnabled) return callback(new UserError(UserError.ALREADY_EXISTS));
 userdb.update(userId, { twoFactorAuthenticationEnabled: true }, function (error) {
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
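Review bot: The `twoFactorAuthenticationEnabled` check still runs after `speakeasy.totp.verify`, so the 409 the route now returns for `UserError.ALREADY_EXISTS` is reachable only with a valid token. A wrong token against an account that already has 2FA enabled reports `BAD_TOKEN` instead. Moving `if (result.twoFactorAuthenticationEnabled) return callback(new UserError(UserError.ALREADY_EXISTS));` above the `var verified = ...` line makes the state check independent of the token. The hunk also does not show what `result.twoFactorAuthenticationSecret` holds when no secret was ever generated; a guard that rejects an empty secret before verifying would keep 2FA from being switched on without an enrolled secret. The function starts before the hunk and continues past it.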