diff --git a/CHANGELOG b/CHANGELOG
index cc5f1897b..83af90762 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 --------------------------------------------------------------------------------
                      Changes in version 6.0.37
 --------------------------------------------------------------------------------
+- do not require second factor for authentication when accessing webdav server
 - merge changes up to 5.1.44
 
 --------------------------------------------------------------------------------
diff --git a/controllers/class.Login.php b/controllers/class.Login.php
index e28c23258..96f99b8a1 100644
--- a/controllers/class.Login.php
+++ b/controllers/class.Login.php
@@ -64,12 +64,14 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 			return false;
 		}
 
-		if($settings->_enable2FactorAuthentication) {
-			if($user->getSecret()) {
-				$tfa = new \RobThree\Auth\TwoFactorAuth(new \RobThree\Auth\Providers\Qr\BaconQrCodeProvider());
-				if($tfa->verifyCode($user->getSecret(), $_POST['twofactauth']) !== true) {
-					$this->setErrorMsg("login_error_text");
-					return false;
+		if($source == 'web') {
+			if($settings->_enable2FactorAuthentication) {
+				if($user->getSecret()) {
+					$tfa = new \RobThree\Auth\TwoFactorAuth(new \RobThree\Auth\Providers\Qr\BaconQrCodeProvider());
+					if($tfa->verifyCode($user->getSecret(), $_POST['twofactauth']) !== true) {
+						$this->setErrorMsg("login_error_text");
+						return false;
+					}
 				}
 			}
 		}