diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 21b7e833d..0aa015828 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -41,7 +41,7 @@ class RouteServiceProvider extends ServiceProvider
              ->namespace($this->namespace . '\Admin')
              ->group(base_path('routes/admin.php'));
 
-        Route::middleware(['web', 'guest', 'csrf'])->prefix('/auth')
+        Route::middleware(['web', 'csrf'])->prefix('/auth')
              ->namespace($this->namespace . '\Auth')
              ->group(base_path('routes/auth.php'));
 
diff --git a/resources/lang/en/auth.php b/resources/lang/en/auth.php
index 3748167f6..5561c2d87 100644
--- a/resources/lang/en/auth.php
+++ b/resources/lang/en/auth.php
@@ -17,4 +17,5 @@ return [
     'request_reset' => 'Locate Account',
     '2fa_required' => '2-Factor Authentication',
     '2fa_failed' => 'The 2FA token provided was invalid.',
+    'totp_failed' => 'There was an error while attempting to validate TOTP.',
 ];
diff --git a/routes/auth.php b/routes/auth.php
index b9828d0bf..2d0ae392b 100644
--- a/routes/auth.php
+++ b/routes/auth.php
@@ -22,13 +22,13 @@
  * SOFTWARE.
  */
 
-Route::get('/logout', 'LoginController@logout')->name('auth.logout');
+Route::get('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth');
 Route::get('/login', 'LoginController@showLoginForm')->name('auth.login');
 Route::get('/login/totp', 'LoginController@totp')->name('auth.totp');
 Route::get('/password', 'ForgotPasswordController@showLinkRequestForm')->name('auth.password');
 Route::get('/password/reset/{token}', 'ForgotPasswordController@showResetForm')->name('auth.reset');
 
 Route::post('/login', 'LoginController@login')->middleware('recaptcha');
-Route::post('/login', 'LoginController@totpCheckpoint');
+Route::post('/login/totp', 'LoginController@totpCheckpoint');
 Route::post('/password/reset', 'ResetPasswordController@reset')->name('auth.reset.post')->middleware('recaptcha');
 Route::post('/password/reset/{token}', 'ForgotPasswordController@sendResetLinkEmail')->middleware('recaptcha');