diff --git a/app/main/dao/verify_codes_dao.py b/app/main/dao/verify_codes_dao.py
index 6273c9ac3..049432982 100644
--- a/app/main/dao/verify_codes_dao.py
+++ b/app/main/dao/verify_codes_dao.py
@@ -31,6 +31,13 @@ def use_code(id):
     db.session.commit()
 
 
+def use_code_for_user_and_type(user_id, code_type):
+    verify_code = VerifyCodes.query.filter_by(user_id=user_id, code_type=code_type).first()
+    verify_code.code_used = True
+    db.session.add(verify_code)
+    db.session.commit()
+
+
 def add_code_with_expiry(user_id, code, code_type, expiry):
     code = VerifyCodes(user_id=user_id,
                        code=code,
diff --git a/app/main/forms.py b/app/main/forms.py
index edfbebbbf..8d94fdaf7 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -79,7 +79,6 @@ def validate_code(field, code):
             field.errors.append('Code does not match')
             return False
         else:
-            verify_codes_dao.use_code(code.id)
             return True
     else:
-        return True
+        return False
diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 7d8b53326..b06bb2029 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -2,7 +2,7 @@ from flask import render_template, redirect, jsonify, session
 from flask_login import login_user
 
 from app.main import main
-from app.main.dao import users_dao
+from app.main.dao import users_dao, verify_codes_dao
 from app.main.forms import TwoFactorForm
 
 
@@ -17,6 +17,7 @@ def process_two_factor():
 
     if form.validate_on_submit():
         user = users_dao.get_user_by_id(session['user_id'])
+        verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='sms')
         login_user(user)
         return redirect('/dashboard')
     else:
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index d54e46d43..96ae0cb76 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -2,7 +2,7 @@ from flask import render_template, redirect, jsonify, session
 from flask_login import login_user
 
 from app.main import main
-from app.main.dao import users_dao
+from app.main.dao import users_dao, verify_codes_dao
 from app.main.forms import VerifyForm
 
 
@@ -16,6 +16,8 @@ def process_verify():
     form = VerifyForm()
     if form.validate_on_submit():
         user = users_dao.get_user_by_id(session['user_id'])
+        verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='email')
+        verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='sms')
         users_dao.activate_user(user.id)
         login_user(user)
         return redirect('/add-service')