diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 145f27b67dd4361b1549602d628d63c64e5f93bb..8450ba31021ffd0781b69dbf0f062c064b389dbe 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -24,7 +24,7 @@ class PasswordsController < Devise::PasswordsController
     super do |resource|
       # TODO (rspeicher): In Devise master (> 3.4.1), we can set
       # `Devise.sign_in_after_reset_password = false` and avoid this mess.
-      if resource.errors.empty? && resource.try(:otp_required_for_login?)
+      if resource.errors.empty? && resource.try(:two_factor_enabled?)
         resource.unlock_access! if unlockable?(resource)
 
         # Since we are not signing this user in, we use the :updated_not_active
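Review bot: `resource.try(:two_factor_enabled?)` fails open, because on Rails 4 and later `try` returns nil when the receiver does not respond to the method, so the branch that keeps a 2FA user from being signed in after a password reset would be skipped without any error. The definition of `two_factor_enabled?` is not part of this diff, so it cannot be confirmed from here that every resource reaching this block responds to it. The direct calls in `sessions_controller.rb` and the view would raise `NoMethodError` in that case, but this one would not. If only users reach this controller, call `resource.two_factor_enabled?` directly, and add a controller spec asserting that a password reset on a 2FA-enabled account does not create a session. The `super do |resource|` block continues past the end of the hunk.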
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index e7579c652fb19a59718c3a25beaa6326be10a829..03845f1e1eccd5017d0fd47beac968d75150a48d 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -10,7 +10,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
 
   def create
     if current_user.valid_otp?(params[:pin_code])
-      current_user.otp_required_for_login = true
+      current_user.two_factor_enabled = true
       @codes = current_user.generate_otp_backup_codes!
       current_user.save!
 
@@ -30,7 +30,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
 
   def destroy
     current_user.update_attributes({
-      otp_required_for_login:    false,
+      two_factor_enabled:        false,
       encrypted_otp_secret:      nil,
       encrypted_otp_secret_iv:   nil,
       encrypted_otp_secret_salt: nil,
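Review bot: Nothing visible in `destroy` asks for the current password or a valid OTP before `two_factor_enabled` is set to false and the OTP secret is cleared, so whoever holds a live session can remove the second factor. The view touched by this commit shows only a `confirm: 'Are you sure?'` dialog on the disable link. A `before_action` outside the hunk may already cover this; if not, gate the update the way `create` gates enabling, with a guard such as `unless current_user.valid_otp?(params[:pin_code])` ahead of `update_attributes` and a matching field in the form. The attribute hash and the rest of `destroy` continue past the hunk.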
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 4d976fe6630152f26334b64e8b69e068ba3b4a9a..7577fc96d6d7035a862e1a33b3de8c470d7661f8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -57,7 +57,7 @@ class SessionsController < Devise::SessionsController
   def authenticate_with_two_factor
     user = self.resource = find_user
 
-    return unless user && user.otp_required_for_login
+    return unless user && user.two_factor_enabled?
 
     if user_params[:otp_attempt].present? && session[:otp_user_id]
       if valid_otp_attempt?(user)
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index ed009c86568bc16a433f6b9abdb1cb031f950586..378dfa2dce08006eb645815ad5c8077c7779a721 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -36,7 +36,7 @@
       .panel-heading
         Two-factor Authentication
       .panel-body
-        - if current_user.otp_required_for_login
+        - if current_user.two_factor_enabled?
           .pull-right
             = link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm',
                 data: { confirm: 'Are you sure?' }
diff --git a/spec/controllers/profiles/two_factor_auths_controller_spec.rb b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
index 65415f21e554cbd834c440402fb4f5cd3e7ace68..aa09f1a758d4d148681dd4063ff1f76a8bfbfd31 100644
--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -40,11 +40,11 @@ describe Profiles::TwoFactorAuthsController do
         expect(user).to receive(:valid_otp?).with(pin).and_return(true)
       end
 
-      it 'sets otp_required_for_login' do
+      it 'sets two_factor_enabled' do
         go
 
         user.reload
-        expect(user.otp_required_for_login).to eq true
+        expect(user).to be_two_factor_enabled
       end
 
       it 'presents plaintext codes for the user to save' do
@@ -109,13 +109,13 @@ describe Profiles::TwoFactorAuthsController do
     let!(:codes) { user.generate_otp_backup_codes! }
 
     it 'clears all 2FA-related fields' do
-      expect(user.otp_required_for_login).to eq true
+      expect(user).to be_two_factor_enabled
       expect(user.otp_backup_codes).not_to be_nil
       expect(user.encrypted_otp_secret).not_to be_nil
 
       delete :destroy
 
-      expect(user.otp_required_for_login).to eq false
+      expect(user).not_to be_two_factor_enabled
       expect(user.otp_backup_codes).to be_nil
       expect(user.encrypted_otp_secret).to be_nil
     end
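Review bot: `expect(user).not_to be_two_factor_enabled` runs after `delete :destroy` without a `user.reload`, unlike the create example in the first hunk of this file, so it may be checking the in-memory object and not the stored row. If `user` is the same instance the controller sees as `current_user`, `update_attributes` assigns the new values before it saves, and the expectation would still pass when the save fails. Add `user.reload` on the line after `delete :destroy` so the example proves the cleared 2FA state was persisted.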