diff --git a/public_html/admin/install/config-install.php b/public_html/admin/install/config-install.php
index 77b50c7f6..17d9fdd7b 100644
--- a/public_html/admin/install/config-install.php
+++ b/public_html/admin/install/config-install.php
@@ -2,7 +2,7 @@
 /* Reminder: always indent with 4 spaces (no tabs). */
 // +---------------------------------------------------------------------------+
-// | Geeklog 2.1 |
+// | Geeklog 2.2 |
 // +---------------------------------------------------------------------------+
 // | config-install.php |
 // | |
@@ -275,7 +275,8 @@ function install_config()
 $c->add('login_speedlimit',300,'text',4,18,NULL,1700,TRUE, $me, 18);
 $c->add('invalidloginattempts',7,'text',4,18,NULL,1710,TRUE, $me, 18);
 $c->add('invalidloginmaxtime',1200,'text',4,18,NULL,1720,TRUE, $me, 18);
-
+ $c->add('enable_twofactorauth',0,'select',4,18,NULL,1730,TRUE, $me, 18);
+
 // password options
 $c->add('fs_pass', NULL, 'fieldset', 4, 42, NULL, 0, TRUE, $me, 18);
 $c->add('pass_alg', 1, 'select', 4, 42, 29, 800, TRUE, $me, 18);
diff --git a/sql/mysql_tableanddata.php b/sql/mysql_tableanddata.php
index 5a07722be..ebd79deef 100644
--- a/sql/mysql_tableanddata.php
+++ b/sql/mysql_tableanddata.php
@@ -497,6 +497,8 @@
 num_reminders tinyint(1) NOT NULL default 0,
 invalidlogins SMALLINT NOT NULL DEFAULT '0',
 lastinvalid int(10) unsigned default NULL,
+ twofactorauth_enabled TINYINT(3) NOT NULL DEFAULT 0,
+ twofactorauth_secret VARCHAR(255) NOT NULL DEFAULT '',
 PRIMARY KEY (uid),
 KEY LOGIN (uid,passwd,username),
 INDEX users_username(username),
@@ -515,6 +517,15 @@
 ) ENGINE=MyISAM
 ";
+$_SQL[] = "
+CREATE TABLE {$_TABLES['backup_codes']} (
+ code VARCHAR(16) NOT NULL UNIQUE,
+ uid MEDIUMINT(8) NOT NULL DEFAULT 0,
+ is_used TINYINT(1) NOT NULL DEFAULT 0,
+ PRIMARY KEY (code)
+) ENGINE=MyISAM
+";
+
 // Data
 $_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (1,3) ";
 $_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (2,3) ";
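Review bot: In the `install_config()` hunk of config-install.php, the new `enable_twofactorauth` entry is typed `'select'` but passes `NULL` as the sixth argument, where the neighbouring `pass_alg` select passes `29`. If that argument is the index of the option list (it looks that way from `pass_alg`, but `$c->add()` is not visible here), the admin screen may render a dropdown with no choices, so the feature could not be switched on from the configuration UI. Pass the index of the existing on/off option list instead of `NULL`, and add the one-line comment the update scripts already carry, `// Add a config option to decide whether to globally allow two factor auth`. The same `NULL` appears in `update_ConfValuesFor220()` in both sql/updates scripts. The body of `install_config()` starts and ends outside the hunk.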
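Review bot: `twofactorauth_secret VARCHAR(255) NOT NULL DEFAULT ''` in the users table of sql/mysql_tableanddata.php keeps the second-factor shared secret in the same row as `passwd`, and nothing in this commit states whether the value is encrypted before it is written. A secret held in clear is readable by anything that can read the table (dumps, backups, a read-only SQL flaw), which reduces the second factor to whatever protects the database. Document the storage format next to the statement, for example `// twofactorauth_secret: shared secret, encrypted at rest; '' means the user is not enrolled`, and have the verification code treat `''` as "not enrolled" rather than as a usable secret. The same column is added in sql/pgsql_tableanddata.php and in both sql/updates scripts.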
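Review bot: The `backup_codes` table added in sql/mysql_tableanddata.php can only hold recovery codes in clear text, because `code VARCHAR(16)` is too short for `password_hash()` output or a hex SHA-256 digest, and making `code` the primary key requires codes to be unique across all users instead of per user. Backup codes are password-equivalent, so a read of this table yields a working second factor for every enrolled account; widening the column and keying on the owner lets the application store a hash, e.g. `code VARCHAR(255) NOT NULL,` with `PRIMARY KEY (uid, code)`. `UNIQUE` on a column that is already the primary key is redundant and, on MySQL, creates a second index. The identical definition appears in sql/pgsql_tableanddata.php and in both sql/updates/*_2.1.3_to_2.2.0.php scripts.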
diff --git a/sql/pgsql_tableanddata.php b/sql/pgsql_tableanddata.php
index 43b7439f9..dc96aa3c6 100644
--- a/sql/pgsql_tableanddata.php
+++ b/sql/pgsql_tableanddata.php
@@ -496,6 +496,8 @@
 num_reminders smallint NOT NULL default 0,
 invalidlogins SMALLINT NOT NULL DEFAULT '0',
 lastinvalid int(10) unsigned default NULL,
+ twofactorauth_enabled SMALLINT NOT NULL DEFAULT 0,
+ twofactorauth_secret VARCHAR(255) NOT NULL DEFAULT '',
 PRIMARY KEY (uid)
 );
 CREATE INDEX {$_TABLES['users']}_LOGIN ON {$_TABLES['users']}(uid,passwd,username);
@@ -514,6 +516,15 @@
 )
 ";
+$_SQL[] = "
+CREATE TABLE {$_TABLES['backup_codes']} (
+ code VARCHAR(16) NOT NULL UNIQUE,
+ uid INT NOT NULL DEFAULT 0,
+ is_used SMALLINT NOT NULL DEFAULT 0,
+ PRIMARY KEY (code)
+)
+";
+
 $_SQL[] = "
 CREATE OR REPLACE FUNCTION UNIX_TIMESTAMP(timestamp with time zone) RETURNS integer AS '
 SELECT ROUND(EXTRACT(EPOCH FROM ABSTIME($1)))::int4 AS result;
diff --git a/sql/updates/mysql_2.1.3_to_2.2.0.php b/sql/updates/mysql_2.1.3_to_2.2.0.php
index e9116cfa6..76ef074cc 100644
--- a/sql/updates/mysql_2.1.3_to_2.2.0.php
+++ b/sql/updates/mysql_2.1.3_to_2.2.0.php
@@ -25,6 +25,20 @@
 $_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `invalidlogins` SMALLINT NOT NULL DEFAULT '0' AFTER `num_reminders`";
 $_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `lastinvalid` INT(10) UNSIGNED NULL DEFAULT NULL AFTER `invalidlogins`";
+// Add columns for two factor authentication
+$_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `twofactorauth_enabled` TINYINT(3) NOT NULL DEFAULT 0 AFTER `lastinvalid`";
+$_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `twofactorauth_secret` VARCHAR(255) NOT NULL DEFAULT '' AFTER `twofactorauth_enabled`";
+
+// Add a table to store backup codes for two factor authentication
+$_SQL[] = "
+CREATE TABLE {$_TABLES['backup_codes']} (
+ code VARCHAR(16) NOT NULL UNIQUE,
+ uid MEDIUMINT(8) NOT NULL DEFAULT 0,
+ is_used TINYINT(1) NOT NULL DEFAULT 0,
+ PRIMARY KEY (code)
+) ENGINE=MyISAM
+";
+
 /**
 * Upgrade Messages
 */
@@ -75,6 +89,9 @@ function update_ConfValuesFor220()
 // Hidden config option for Core used to determine language of article url (see _getLanguageInfoFromURL in lib-common)
 $c->add('langurl_article',array('', 'article.php', 'story'),'@hidden',7,31,1,1830,TRUE, $me, 31);
+ // Add a config option to decide whether to globally allow two factor auth
+ $c->add('enable_twofactorauth',0,'select',4,18,NULL,1730,TRUE, $me, 18);
+
 return true;
 }
diff --git a/sql/updates/pgsql_2.1.3_to_2.2.0.php b/sql/updates/pgsql_2.1.3_to_2.2.0.php
index 219b4e70a..50b2462ce 100644
--- a/sql/updates/pgsql_2.1.3_to_2.2.0.php
+++ b/sql/updates/pgsql_2.1.3_to_2.2.0.php
@@ -25,6 +25,20 @@
 $_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `invalidlogins` SMALLINT NOT NULL DEFAULT '0' AFTER `num_reminders`";
 $_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `lastinvalid` INT(10) UNSIGNED NULL DEFAULT NULL AFTER `invalidlogins`";
+// Add columns for two factor authentication
+$_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `twofactorauth_enabled` SMALLINT NOT NULL DEFAULT 0 AFTER `lastinvalid`";
+$_SQL[] = "ALTER TABLE `{$_TABLES['users']}` ADD `twofactorauth_secret` VARCHAR(255) NOT NULL DEFAULT '' AFTER `twofactorauth_enabled`";
+
+// Add a table to store backup codes for two factor authentication
+$_SQL[] = "
+CREATE TABLE {$_TABLES['backup_codes']} (
+ code VARCHAR(16) NOT NULL UNIQUE,
+ uid INT NOT NULL DEFAULT 0,
+ is_used SMALLINT NOT NULL DEFAULT 0,
+ PRIMARY KEY (code)
+)
+";
+
 /**
 * Upgrade Messages
 */
@@ -75,6 +89,9 @@ function update_ConfValuesFor220()
 // Hidden config option for Core used to determine language of article url (see _getLanguageInfoFromURL in lib-common)
 $c->add('langurl_article',array('', 'article.php', 'story'),'@hidden',7,31,1,1830,TRUE, $me, 31);
+ // Add a config option to decide whether to globally allow two factor auth
+ $c->add('enable_twofactorauth',0,'select',4,18,NULL,1730,TRUE, $me, 18);
+
 return true;
 }
diff --git a/system/lib-database.php b/system/lib-database.php
index ded35a28c..19218122e 100644
--- a/system/lib-database.php
+++ b/system/lib-database.php
@@ -51,6 +51,7 @@
 $_TABLES['access'] = $_DB_table_prefix . 'access';
 $_TABLES['article_images'] = $_DB_table_prefix . 'article_images';
+$_TABLES['backup_codes'] = $_DB_table_prefix . 'backup_codes';
 $_TABLES['blocks'] = $_DB_table_prefix . 'blocks';
 $_TABLES['commentedits'] = $_DB_table_prefix . 'commentedits';
 $_TABLES['commentnotifications'] = $_DB_table_prefix . 'commentnotifications';
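Review bot: The two new `ALTER TABLE` statements in the first hunk of sql/updates/pgsql_2.1.3_to_2.2.0.php are written in MySQL syntax, with backtick-quoted identifiers and an `AFTER` column-position clause, neither of which PostgreSQL accepts. The context lines above them are written the same way, so the database layer may rewrite such statements before running them; if it does not, the upgrade would fail before the two-factor columns and the `backup_codes` table exist. For PostgreSQL the first statement would read `$_SQL[] = "ALTER TABLE {$_TABLES['users']} ADD COLUMN twofactorauth_enabled SMALLINT NOT NULL DEFAULT 0";`, and likewise for `twofactorauth_secret`. A comment stating which behaviour the upgrade path relies on would make this checkable.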