diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 7ae0dcaefc..fac76e91dd 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -139,7 +139,7 @@ class LoginController extends BaseController
 ->header('X-App-Version', config('ninja.app_version'))
 ->header('X-Api-Version', config('ninja.minimum_client_version'));
 }
- } elseif ($user->google_2fa_secret && !$request->has('one_time_password')) {
+ } elseif (strlen($user->google_2fa_secret ?? '') > 2 && !$request->has('one_time_password')) {
 return response()
 ->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
 ->header('X-App-Version', config('ninja.app_version'))
diff --git a/app/Http/Controllers/TwoFactorController.php b/app/Http/Controllers/TwoFactorController.php
index 2110e828b3..bd37efc6ca 100644
--- a/app/Http/Controllers/TwoFactorController.php
+++ b/app/Http/Controllers/TwoFactorController.php
@@ -29,7 +29,7 @@ class TwoFactorController extends BaseController
 /** @var \App\Models\User $user */
 $user = auth()->user();
- if ($user->google_2fa_secret) {
+ if (strlen($user->google_2fa_secret ?? '') > 2) {
 return response()->json(['message' => '2FA already enabled'], 400);
 } elseif (Ninja::isSelfHost()) {
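Review bot: The `> 2` length threshold in LoginController's `elseif` is unexplained, yet it decides whether login demands a one-time password: any account whose stored `google_2fa_secret` is one or two characters long is now treated as having no 2FA, and the same literal in the TwoFactorController hunk lets such an account run setup again. Say which stored values the threshold is meant to exclude, e.g. `// secrets of <= 2 chars are treated as "not enrolled"; must match TwoFactorController`, and preferably keep the test in a single predicate on the User model so the two controllers cannot drift apart. The `if` branch that precedes this `elseif` starts outside the hunk; if it still tests `$user->google_2fa_secret` by truthiness, the two branches now disagree about the same account and should be reviewed together.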