diff --git a/osu.Game/Online/API/APIAccess.cs b/osu.Game/Online/API/APIAccess.cs
index 42cf39414e..389816fcf8 100644
--- a/osu.Game/Online/API/APIAccess.cs
+++ b/osu.Game/Online/API/APIAccess.cs
@@ -230,8 +230,6 @@ namespace osu.Game.Online.API
                 try
                 {
                     authentication.AuthenticateWithLogin(ProvidedUsername, password);
-                    state.Value = APIState.RequiresSecondFactorAuth;
-                    return;
                 }
                 catch (Exception e)
                 {
@@ -244,28 +242,6 @@ namespace osu.Game.Online.API
                 }
             }
 
-            if (state.Value == APIState.RequiresSecondFactorAuth)
-            {
-                if (string.IsNullOrEmpty(SecondFactorCode))
-                    return;
-
-                state.Value = APIState.Connecting;
-                LastLoginError = null;
-
-                // TODO: use code to ensure second factor authentication completed.
-                Thread.Sleep(1000);
-                bool success = SecondFactorCode == "00000000";
-                SecondFactorCode = null;
-
-                if (!success)
-                {
-                    state.Value = APIState.RequiresSecondFactorAuth;
-                    LastLoginError = new InvalidOperationException("Second factor auth failed");
-                    SecondFactorCode = null;
-                    return;
-                }
-            }
-
             var userReq = new GetMeRequest();
             userReq.Failure += ex =>
             {
@@ -285,14 +261,13 @@ namespace osu.Game.Online.API
                     state.Value = APIState.Failing;
                 }
             };
-            userReq.Success += user =>
+            userReq.Success += me =>
             {
-                user.Status.Value = configStatus.Value ?? UserStatus.Online;
+                me.Status.Value = configStatus.Value ?? UserStatus.Online;
 
-                setLocalUser(user);
+                setLocalUser(me);
 
-                // we're connected!
-                state.Value = APIState.Online;
+                state.Value = me.SessionVerified ? APIState.Online : APIState.RequiresSecondFactorAuth;
                 failureCount = 0;
             };
 
@@ -302,6 +277,34 @@ namespace osu.Game.Online.API
                 return;
             }
 
+            if (state.Value == APIState.RequiresSecondFactorAuth)
+            {
+                if (string.IsNullOrEmpty(SecondFactorCode))
+                    return;
+
+                state.Value = APIState.Connecting;
+                LastLoginError = null;
+
+                var verificationRequest = new VerifySessionRequest(SecondFactorCode);
+
+                verificationRequest.Success += () => state.Value = APIState.Online;
+                verificationRequest.Failure += ex =>
+                {
+                    state.Value = APIState.RequiresSecondFactorAuth;
+                    LastLoginError = ex;
+                    SecondFactorCode = null;
+                };
+
+                if (!handleRequest(verificationRequest))
+                {
+                    state.Value = APIState.Failing;
+                    return;
+                }
+
+                if (state.Value != APIState.Online)
+                    return;
+            }
+
             var friendsReq = new GetFriendsRequest();
             friendsReq.Failure += _ => state.Value = APIState.Failing;
             friendsReq.Success += res =>