diff --git a/src/RESTAPI/RESTAPI_user_handler.cpp b/src/RESTAPI/RESTAPI_user_handler.cpp
index f6f776a..3a3a29e 100644
--- a/src/RESTAPI/RESTAPI_user_handler.cpp
+++ b/src/RESTAPI/RESTAPI_user_handler.cpp
@@ -224,9 +224,16 @@ namespace OpenWifi {
                 return BadRequest(RESTAPI::Errors::NeedMobileNumber);
             }
 
-            if(NewUser.userTypeProprietaryInfo.mfa.method=="email") {
+            if(!NewUser.userTypeProprietaryInfo.mfa.method.empty()) {
+                if(NewUser.userTypeProprietaryInfo.mfa.method!="email" && NewUser.userTypeProprietaryInfo.mfa.method!="sms" ) {
+                    return BadRequest("Unknown MFA method");
+                }
                 Existing.userTypeProprietaryInfo.mfa.method=NewUser.userTypeProprietaryInfo.mfa.method;
             }
+
+            if(Existing.userTypeProprietaryInfo.mfa.enabled && Existing.userTypeProprietaryInfo.mfa.method.empty()) {
+                return BadRequest("Illegal MFA method");
+            }
         }
 
         if(StorageService()->UpdateUserInfo(UserInfo_.userinfo.email,Id,Existing)) {