diff --git a/app/models/user.rb b/app/models/user.rb
index befbcbf1a16a8e304066daa3d9472868bebb5f4b..7b1f6fae3be32c52f1535c6658cd0855d3c9f17c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -73,8 +73,11 @@ class User < ActiveRecord::Base
   default_value_for :hide_no_password, false
   default_value_for :theme_id, gitlab_config.default_theme
 
-  devise :lockable, :async,
-         :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
+  devise :two_factor_authenticatable,
+         otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
+  devise :two_factor_backupable
+  devise :lockable, :async, :recoverable, :rememberable, :trackable,
+    :validatable, :omniauthable, :confirmable, :registerable
 
   attr_accessor :force_random_password
 
@@ -663,4 +666,9 @@ class User < ActiveRecord::Base
 
     true
   end
+
+  # Used to populate the hidden form field during Two-factor authentication
+  def login
+    username || email
+  end
 end