diff --git a/hiboo/account/login.py b/hiboo/account/login.py
index 08132659b62f9597bb2d387b06e4583ab6263310..d5add1917402e790ebb514527d23809ecc9aef7e 100644
--- a/hiboo/account/login.py
+++ b/hiboo/account/login.py
@@ -13,7 +13,7 @@ def signin_password():
     form = forms.LoginForm()
     if form.validate_on_submit():
         user = models.User.login(form.username.data, form.password.data)
-        if user and models.Auth.TOTP in user.auths:
+        if user and models.Auth.TOTP in user.auths and user.auths[models.Auth.TOTP].enabled:
             session["username"] = user.username
             return flask.redirect(utils.url_for(".signin_totp"))
         elif user:
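Review bot: The new `enabled` check is applied only to the TOTP realm; nothing visible here shows the password path honouring it, so if `User.login` (outside this diff) does not look at `user.auths[models.Auth.PASSWORD].enabled`, a disabled password auth would still sign in through the `elif user:` branch. A TOTP row that exists but is not enabled now falls through to password-only sign-in, which is a security decision that deserves a comment above the condition, for example `# A TOTP auth that is not enabled does not gate sign-in; the password alone is accepted`, if that is the intent. The condition would also read better with a single lookup, `totp = user.auths.get(models.Auth.TOTP) if user else None` followed by `if totp and totp.enabled:`, assuming `auths` is the dict-like collection it appears to be. The body of signin_password continues past the end of the hunk.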
@@ -73,7 +73,7 @@ def signup():
         else:
             user = models.User()
             user.username = form.username.data
-            auth = models.Auth(models.Auth.PASSWORD)
+            auth = models.Auth(models.Auth.PASSWORD, enabled=True)
             auth.set_password(form.password.data)
             user.auths = {models.Auth.PASSWORD: auth}
             models.db.session.add(user)
diff --git a/hiboo/models.py b/hiboo/models.py
index 8ca33eeccdfb28daf72ad52f6110c50227eb0482..fd60980fcf687453a883a46dddda71ddc491a233 100644
--- a/hiboo/models.py
+++ b/hiboo/models.py
@@ -164,10 +164,12 @@ class Auth(db.Model):
         TOTP: "blue"
     }
 
-    def __init__(self, realm):
+    def __init__(self, realm, enabled=False):
         self.realm = realm
+        self.enabled = enabled
 
     realm = db.Column(db.String(25), server_default=PASSWORD)
+    enabled = db.Column(db.Boolean(), nullable=False, default=1)
     user_uuid = db.Column(db.String(36), db.ForeignKey(User.uuid))
     user = db.relationship(User,
         backref=db.backref('auths',
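Review bot: The defaults for `enabled` disagree with each other: `__init__` defaults to `False`, the column declares `default=1`, and the migration uses `server_default="1"`. Because `__init__` always assigns `self.enabled`, the column default never applies to objects built through the constructor, and any caller of `models.Auth(realm)` that this commit does not update (only signup passes `enabled=True`) will now create a disabled auth. I would make the model explicit and boolean, `enabled = db.Column(db.Boolean(), nullable=False, default=False)`, and add a comment that the migration's `server_default="1"` exists only so that pre-existing rows stay enabled. The Auth class body starts and ends outside the hunk, so other constructor call sites could not be checked here.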
diff --git a/migrations/versions/f9130c1a10f7_add_enableable_auth.py b/migrations/versions/f9130c1a10f7_add_enableable_auth.py
new file mode 100644
index 0000000000000000000000000000000000000000..1724277796b2b8831f131cec259afc0ded9da517
--- /dev/null
+++ b/migrations/versions/f9130c1a10f7_add_enableable_auth.py
@@ -0,0 +1,26 @@
+""" add enableable auth
+
+Revision ID: f9130c1a10f7
+Revises: 07709c08a6d7
+Create Date: 2023-02-10 14:57:20.853487
+"""
+
+from alembic import op
+import sqlalchemy as sa
+import hiboo
+
+
+revision = 'f9130c1a10f7'
+down_revision = '07709c08a6d7'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.batch_alter_table('auth') as batch_op:
+        batch_op.add_column(sa.Column('enabled', sa.Boolean(), server_default="1", nullable=False))
+
+
+def downgrade():
+    with op.batch_alter_table('auth') as batch_op:
+        batch_op.drop_column('auth', 'enabled')
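Review bot: `downgrade()` will fail as written: inside `op.batch_alter_table('auth')` the table is already bound, and `batch_op.drop_column` takes only the column name, so `batch_op.drop_column('auth', 'enabled')` passes one positional argument too many. It should be `batch_op.drop_column('enabled')`. A rollback path that raises matters here because this column gates second-factor enforcement, so a failed downgrade can leave the schema and the deployed code out of step. `import hiboo` also appears unused in this file and could be dropped unless the migration template relies on it.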