diff --git a/dev/Remote/Admin/Fetch.js b/dev/Remote/Admin/Fetch.js
index a9cec7a9d..aad08326c 100644
--- a/dev/Remote/Admin/Fetch.js
+++ b/dev/Remote/Admin/Fetch.js
@@ -195,20 +195,6 @@ class RemoteAdminFetch extends AbstractFetchRemote {
 this.defaultRequest(fCallback, 'AdminContactsTest', oData);
 }
- /**
- * @param {?Function} fCallback
- * @param {?} oData
- */
- saveNewAdminPassword(fCallback, oData) {
- this.defaultRequest(fCallback, 'AdminPasswordUpdate', oData);
- }
-
- /**
- * @param {?Function} fCallback
- */
- phpExtensions(fCallback) {
- this.defaultRequest(fCallback, 'AdminPHPExtensions');
- }
 }
 export default new RemoteAdminFetch();
diff --git a/dev/Settings/Admin/About.js b/dev/Settings/Admin/About.js
index 71989d42c..24ba256cf 100644
--- a/dev/Settings/Admin/About.js
+++ b/dev/Settings/Admin/About.js
@@ -9,7 +9,7 @@ export class AboutAdminSettings /*extends AbstractViewSettings*/ {
 }
 onBuild() {
- Remote.phpExtensions((iError, data) => iError || this.phpextensions(data.Result));
+ Remote.defaultRequest((iError, data) => iError || this.phpextensions(data.Result), 'AdminPHPExtensions');
 }
 }
diff --git a/dev/Settings/Admin/Security.js b/dev/Settings/Admin/Security.js
index 9d84ed220..24e5d1cb0 100644
--- a/dev/Settings/Admin/Security.js
+++ b/dev/Settings/Admin/Security.js
@@ -22,6 +22,7 @@ export class SecurityAdminSettings /*extends AbstractViewSettings*/ {
 adminPasswordNew: '',
 adminPasswordNew2: '',
 adminPasswordNewError: false,
+ adminTOTP: SettingsGet('AdminTOTP'),
 adminPasswordUpdateError: false,
 adminPasswordUpdateSuccess: false,
@@ -91,7 +92,7 @@ export class SecurityAdminSettings /*extends AbstractViewSettings*/ {
 this.adminPasswordUpdateError(false);
 this.adminPasswordUpdateSuccess(false);
- Remote.saveNewAdminPassword((iError, data) => {
+ Remote.defaultRequest((iError, data) => {
 if (iError) {
 this.adminPasswordUpdateError(true);
 } else {
@@ -103,10 +104,11 @@ export class SecurityAdminSettings /*extends AbstractViewSettings*/ {
 this.weakPassword(!!data.Result.Weak);
 }
- }, {
+ }, 'AdminPasswordUpdate', {
 'Login': this.adminLogin(),
 'Password': this.adminPassword(),
- 'NewPassword': this.adminPasswordNew()
+ 'NewPassword': this.adminPasswordNew(),
+ 'TOTP': this.adminTOTP()
 });
 return true;
diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
index d2a0d15ef..95b2ea726 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
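Review bot: `'TOTP': this.adminTOTP()` is now sent with every password update, including when the administrator only meant to change the password and never touched the TOTP field. The Admin.php hunk of this commit stores whatever arrives via `GetActionParam('TOTP', '')`, so a request whose field is empty or undefined would write an empty secret, which presumably switches the second factor off without any explicit confirmation. I would send the key only when the field was actually edited, or use a separate explicit action for clearing it, and say so in a comment such as `// TOTP is sent only when changed; an empty value disables 2FA`. The request callback and the enclosing method start outside this hunk.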
@@ -873,7 +873,38 @@ class Actions
 $sLanguage = $oConfig->Get('webmail', 'language', 'en');
 $UserLanguageRaw = $this->detectUserLanguage($bAdmin);
- if (!$bAdmin) {
+ if ($bAdmin) {
+ $aResult['Auth'] = $this->IsAdminLoggined(false);
+ if ($aResult['Auth']) {
+ $aResult['AdminDomain'] = APP_SITE;
+ $aResult['AdminLogin'] = (string)$oConfig->Get('security', 'admin_login', '');
+ $aResult['AdminTOTP'] = (string)$oConfig->Get('security', 'admin_totp', '');
+ $aResult['UseTokenProtection'] = (bool)$oConfig->Get('security', 'csrf_protection', true);
+ $aResult['EnabledPlugins'] = (bool)$oConfig->Get('plugins', 'enable', false);
+
+ $aResult['VerifySslCertificate'] = (bool)$oConfig->Get('ssl', 'verify_certificate', false);
+ $aResult['AllowSelfSigned'] = (bool)$oConfig->Get('ssl', 'allow_self_signed', true);
+
+ $aResult['supportedPdoDrivers'] = \RainLoop\Common\PdoAbstract::getAvailableDrivers();
+
+ $aResult['ContactsEnable'] = (bool)$oConfig->Get('contacts', 'enable', false);
+ $aResult['ContactsSync'] = (bool)$oConfig->Get('contacts', 'allow_sync', false);
+ $aResult['ContactsPdoType'] = (string)$this->ValidateContactPdoType(\trim($this->Config()->Get('contacts', 'type', 'sqlite')));
+ $aResult['ContactsPdoDsn'] = (string)$oConfig->Get('contacts', 'pdo_dsn', '');
+ $aResult['ContactsPdoType'] = (string)$oConfig->Get('contacts', 'type', '');
+ $aResult['ContactsPdoUser'] = (string)$oConfig->Get('contacts', 'pdo_user', '');
+ $aResult['ContactsPdoPassword'] = (string)APP_DUMMY;
+
+ $aResult['WeakPassword'] = \is_file($passfile);
+
+ $aResult['PhpUploadSizes'] = array(
+ 'upload_max_filesize' => \ini_get('upload_max_filesize'),
+ 'post_max_size' => \ini_get('post_max_size')
+ );
+ }
+
+ $aResult['Capa'] = $this->Capa(true);
+ } else {
 $oAccount = $this->getAccountFromToken(false);
 if ($oAccount) {
 $aResult['Auth'] = true;
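Review bot: `$aResult['AdminTOTP']` returns the stored TOTP shared secret to the browser as part of the admin app data, while the neighbouring `ContactsPdoPassword` is deliberately masked with `APP_DUMMY`. The secret is equivalent to the second factor itself, so anything able to read the admin page's settings (script injection in the admin UI, a cached or logged response) could derive valid codes; Security.js in this commit reads it back with `SettingsGet('AdminTOTP')`. Consider exposing only whether a secret is set, for example `$aResult['AdminTOTP'] = \strlen((string)$oConfig->Get('security', 'admin_totp', '')) ? APP_DUMMY : '';`, with the save handler treating the dummy value as "unchanged". Separately, `ContactsPdoType` is assigned twice in this block and the second assignment overwrites the value that went through `ValidateContactPdoType()`. The enclosing function starts and ends outside the hunk.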
@@ -986,36 +1017,6 @@ class Actions
 }
 $aResult['Capa'] = $this->Capa(false, $oAccount);
- } else {
- $aResult['Auth'] = $this->IsAdminLoggined(false);
- if ($aResult['Auth']) {
- $aResult['AdminDomain'] = APP_SITE;
- $aResult['AdminLogin'] = (string)$oConfig->Get('security', 'admin_login', '');
- $aResult['UseTokenProtection'] = (bool)$oConfig->Get('security', 'csrf_protection', true);
- $aResult['EnabledPlugins'] = (bool)$oConfig->Get('plugins', 'enable', false);
-
- $aResult['VerifySslCertificate'] = (bool)$oConfig->Get('ssl', 'verify_certificate', false);
- $aResult['AllowSelfSigned'] = (bool)$oConfig->Get('ssl', 'allow_self_signed', true);
-
- $aResult['supportedPdoDrivers'] = \RainLoop\Common\PdoAbstract::getAvailableDrivers();
-
- $aResult['ContactsEnable'] = (bool)$oConfig->Get('contacts', 'enable', false);
- $aResult['ContactsSync'] = (bool)$oConfig->Get('contacts', 'allow_sync', false);
- $aResult['ContactsPdoType'] = (string)$this->ValidateContactPdoType(\trim($this->Config()->Get('contacts', 'type', 'sqlite')));
- $aResult['ContactsPdoDsn'] = (string)$oConfig->Get('contacts', 'pdo_dsn', '');
- $aResult['ContactsPdoType'] = (string)$oConfig->Get('contacts', 'type', '');
- $aResult['ContactsPdoUser'] = (string)$oConfig->Get('contacts', 'pdo_user', '');
- $aResult['ContactsPdoPassword'] = (string)APP_DUMMY;
-
- $aResult['WeakPassword'] = \is_file($passfile);
-
- $aResult['PhpUploadSizes'] = array(
- 'upload_max_filesize' => \ini_get('upload_max_filesize'),
- 'post_max_size' => \ini_get('post_max_size')
- );
- }
-
- $aResult['Capa'] = $this->Capa(true);
 }
 $sStaticCache = $this->StaticCache();
diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Admin.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Admin.php
index 54bf3c67f..559df6198 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Admin.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Admin.php
@@ -248,6 +248,8 @@ trait Admin $passfile = APP_PRIVATE_DATA.'admin_password.txt'; + $oConfig->Set('security', 'admin_totp', $this->GetActionParam('TOTP', '')); + if ($oConfig->ValidatePassword($sPassword)) { if (\strlen($sLogin)) diff --git a/snappymail/v/0.0.0/app/templates/Views/Admin/AdminSettingsSecurity.html b/snappymail/v/0.0.0/app/templates/Views/Admin/AdminSettingsSecurity.html index 463892ad1..24819f045 100644 --- a/snappymail/v/0.0.0/app/templates/Views/Admin/AdminSettingsSecurity.html +++ b/snappymail/v/0.0.0/app/templates/Views/Admin/AdminSettingsSecurity.html @@ -42,6 +42,12 @@ +
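Review bot: The new `$oConfig->Set('security', 'admin_totp', ...)` runs before `if ($oConfig->ValidatePassword($sPassword))`, so the TOTP secret is changed on the config object even when the supplied current password is wrong. Whether that change reaches disk depends on where the config is saved, which is outside this hunk; if any path saves it without a successful password check, the second factor could be replaced or cleared without knowing the password. Moving the call inside the validated branch removes the doubt. The value is also stored exactly as received, so I would normalise it first, e.g. `$sTOTP = \strtoupper(\trim($this->GetActionParam('TOTP', '')));`, and reject anything that is neither empty nor a well-formed key (Base32, assuming that is what the verifier expects). The function body starts and ends outside the hunk.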
+ + +
🔑