diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..a1f9af5
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,59 @@
+<component name="InspectionProjectProfileManager">
+  <profile version="1.0">
+    <option name="myName" value="Project Default" />
+    <inspection_tool class="PyInterpreterInspection" enabled="false" level="WARNING" enabled_by_default="false" />
+    <inspection_tool class="PyPackageRequirementsInspection" enabled="false" level="WARNING" enabled_by_default="false">
+      <option name="ignoredPackages">
+        <value>
+          <list size="45">
+            <item index="0" class="java.lang.String" itemvalue="PyJWT" />
+            <item index="1" class="java.lang.String" itemvalue="alembic" />
+            <item index="2" class="java.lang.String" itemvalue="greenlet" />
+            <item index="3" class="java.lang.String" itemvalue="Babel" />
+            <item index="4" class="java.lang.String" itemvalue="python-dateutil" />
+            <item index="5" class="java.lang.String" itemvalue="SQLAlchemy" />
+            <item index="6" class="java.lang.String" itemvalue="python-dotenv" />
+            <item index="7" class="java.lang.String" itemvalue="MarkupSafe" />
+            <item index="8" class="java.lang.String" itemvalue="requests" />
+            <item index="9" class="java.lang.String" itemvalue="python-editor" />
+            <item index="10" class="java.lang.String" itemvalue="Jinja2" />
+            <item index="11" class="java.lang.String" itemvalue="Flask-Bootstrap" />
+            <item index="12" class="java.lang.String" itemvalue="Flask-Login" />
+            <item index="13" class="java.lang.String" itemvalue="redis" />
+            <item index="14" class="java.lang.String" itemvalue="dominate" />
+            <item index="15" class="java.lang.String" itemvalue="elasticsearch" />
+            <item index="16" class="java.lang.String" itemvalue="Pygments" />
+            <item index="17" class="java.lang.String" itemvalue="certifi" />
+            <item index="18" class="java.lang.String" itemvalue="urllib3" />
+            <item index="19" class="java.lang.String" itemvalue="itsdangerous" />
+            <item index="20" class="java.lang.String" itemvalue="Flask" />
+            <item index="21" class="java.lang.String" itemvalue="blinker" />
+            <item index="22" class="java.lang.String" itemvalue="email-validator" />
+            <item index="23" class="java.lang.String" itemvalue="dnspython" />
+            <item index="24" class="java.lang.String" itemvalue="six" />
+            <item index="25" class="java.lang.String" itemvalue="Werkzeug" />
+            <item index="26" class="java.lang.String" itemvalue="Flask-HTTPAuth" />
+            <item index="27" class="java.lang.String" itemvalue="langdetect" />
+            <item index="28" class="java.lang.String" itemvalue="Flask-WTF" />
+            <item index="29" class="java.lang.String" itemvalue="click" />
+            <item index="30" class="java.lang.String" itemvalue="Flask-SQLAlchemy" />
+            <item index="31" class="java.lang.String" itemvalue="chardet" />
+            <item index="32" class="java.lang.String" itemvalue="Flask-Moment" />
+            <item index="33" class="java.lang.String" itemvalue="WTForms" />
+            <item index="34" class="java.lang.String" itemvalue="PySocks" />
+            <item index="35" class="java.lang.String" itemvalue="httpie" />
+            <item index="36" class="java.lang.String" itemvalue="Flask-Mail" />
+            <item index="37" class="java.lang.String" itemvalue="Flask-Migrate" />
+            <item index="38" class="java.lang.String" itemvalue="pytz" />
+            <item index="39" class="java.lang.String" itemvalue="Mako" />
+            <item index="40" class="java.lang.String" itemvalue="visitor" />
+            <item index="41" class="java.lang.String" itemvalue="Flask-Babel" />
+            <item index="42" class="java.lang.String" itemvalue="idna" />
+            <item index="43" class="java.lang.String" itemvalue="requests-toolbelt" />
+            <item index="44" class="java.lang.String" itemvalue="rq" />
+          </list>
+        </value>
+      </option>
+    </inspection_tool>
+  </profile>
+</component>
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..49100b4
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="AutoImportSettings">
+    <option name="autoReloadType" value="SELECTIVE" />
+  </component>
+  <component name="ChangeListManager">
+    <list default="true" id="285438c8-50b9-448a-a339-55b76b90c8e5" name="Changes" comment="" />
+    <option name="SHOW_DIALOG" value="false" />
+    <option name="HIGHLIGHT_CONFLICTS" value="true" />
+    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
+    <option name="LAST_RESOLUTION" value="IGNORE" />
+  </component>
+  <component name="FileTemplateManagerImpl">
+    <option name="RECENT_TEMPLATES">
+      <list>
+        <option value="HTML File" />
+      </list>
+    </option>
+  </component>
+  <component name="MarkdownSettingsMigration">
+    <option name="stateVersion" value="1" />
+  </component>
+  <component name="ProjectLevelVcsManager">
+    <ConfirmationsSetting value="2" id="Add" />
+  </component>
+  <component name="PropertiesComponent"><![CDATA[{
+  "keyToString": {
+    "DefaultHtmlFileTemplate": "HTML File",
+    "node.js.selected.package.tslint": "(autodetect)"
+  }
+}]]></component>
+  <component name="TaskManager">
+    <servers />
+  </component>
+</project>
\ No newline at end of file
diff --git a/app/api/auth.py b/app/api/auth.py
index 230f98c..e78e282 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -12,7 +12,6 @@ def verify_password(username, password):
     if user and user.check_password(password):
         return user
 
-
 @basic_auth.error_handler
 def basic_auth_error(status):
     return error_response(status)
diff --git a/app/auth/email.py b/app/auth/email.py
index 98755ac..bdb1d7d 100644
--- a/app/auth/email.py
+++ b/app/auth/email.py
@@ -1,8 +1,31 @@
 from flask import render_template, current_app
 from flask_babel import _
 from app.email import send_email
+import math, random
 
 
+def generate_otp(user):
+    # Declare a digits variable
+    # which stores all digits
+    digits = "0123456789"
+    otp = ""
+
+    # length of password can be changed
+    # by changing value in range
+    for i in range(4):
+        otp += digits[math.floor(random.random() * 10)]
+    return otp
+
+def send_otp_email(user):
+    otp = generate_otp(user)
+    send_email(_('[Microblog] Your one time passcode'),
+               sender=current_app.config['ADMINS'][0],
+               recipients=[user.email],
+               text_body=render_template('email/otp.txt',
+                                         user=user, otp=otp),
+               html_body=render_template('email/otp.html',
+                                         user=user, otp=otp))
+
 def send_password_reset_email(user):
     token = user.get_reset_password_token()
     send_email(_('[Microblog] Reset Your Password'),
diff --git a/app/auth/forms.py b/app/auth/forms.py
index c1dd3eb..f851b79 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -4,13 +4,15 @@ from wtforms.validators import ValidationError, DataRequired, Email, EqualTo
 from flask_babel import _, lazy_gettext as _l
 from app.models import User
 
-
 class LoginForm(FlaskForm):
     username = StringField(_l('Username'), validators=[DataRequired()])
     password = PasswordField(_l('Password'), validators=[DataRequired()])
     remember_me = BooleanField(_l('Remember Me'))
     submit = SubmitField(_l('Sign In'))
 
+class OTPForm(FlaskForm):
+    OTP = StringField(_l('One Time Passcode'), validators=[DataRequired()]) ###EqualTo(otp)
+    submit = SubmitField(_l('Log in') )
 
 class RegistrationForm(FlaskForm):
     username = StringField(_l('Username'), validators=[DataRequired()])
diff --git a/app/auth/routes.py b/app/auth/routes.py
index b3f1d72..77702dc 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -9,11 +9,8 @@ from app.auth.forms import LoginForm, RegistrationForm, \
 from app.models import User
 from app.auth.email import send_password_reset_email
 
-
 @bp.route('/login', methods=['GET', 'POST'])
 def login():
-    if current_user.is_authenticated:
-        return redirect(url_for('main.index'))
     form = LoginForm()
     if form.validate_on_submit():
         user = User.query.filter_by(username=form.username.data).first()
@@ -23,10 +20,19 @@ def login():
         login_user(user, remember=form.remember_me.data)
         next_page = request.args.get('next')
         if not next_page or url_parse(next_page).netloc != '':
-            next_page = url_for('main.index')
+            next_page = url_for('auth/otp_login.html')
         return redirect(next_page)
     return render_template('auth/login.html', title=_('Sign In'), form=form)
 
+def auth_opt():
+    form = OTPForm()
+    if OTP != user.curr_otp :
+        flash(_('Invalid OTP'))
+    if form.validate_on_submit():
+        return redirect(url_for('main.index'))
+
+    return render_template('auth/otp_login.html', title=_('Enter OTP'),
+                               form=form)
 
 @bp.route('/logout')
 def logout():
diff --git a/app/main/forms.py b/app/main/forms.py
index a7c8d96..f06209c 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -26,7 +26,6 @@ class EditProfileForm(FlaskForm):
 class EmptyForm(FlaskForm):
     submit = SubmitField('Submit')
 
-
 class PostForm(FlaskForm):
     post = TextAreaField(_l('Say something'), validators=[DataRequired()])
     submit = SubmitField(_l('Submit'))
diff --git a/app/models.py b/app/models.py
index 5bdab20..c7741e7 100644
--- a/app/models.py
+++ b/app/models.py
@@ -96,6 +96,7 @@ class User(UserMixin, PaginatedAPIMixin, db.Model):
     password_hash = db.Column(db.String(128))
     posts = db.relationship('Post', backref='author', lazy='dynamic')
     about_me = db.Column(db.String(140))
+    otp = db.Column(db.String(4), index=True, unique=True)
     last_seen = db.Column(db.DateTime, default=datetime.utcnow)
     token = db.Column(db.String(32), index=True, unique=True)
     token_expiration = db.Column(db.DateTime)
@@ -118,6 +119,12 @@ class User(UserMixin, PaginatedAPIMixin, db.Model):
     def __repr__(self):
         return '<User {}>'.format(self.username)
 
+    def set_otp(self, otp):
+        self.otp = otp
+
+    def get_otp(self):
+        return self.otp
+
     def set_password(self, password):
         self.password_hash = generate_password_hash(password)
 
diff --git a/app/templates/auth/opt_login.html b/app/templates/auth/opt_login.html
new file mode 100644
index 0000000..9ab59b3
--- /dev/null
+++ b/app/templates/auth/opt_login.html
@@ -0,0 +1,14 @@
+{% extends 'base.html' %}
+{% import 'bootstrap/wtf.html' as wtf %}
+
+{% block app_content %}
+    <h1>{{ _('Validation') }}</h1>
+    <div class="row">
+        <div class="col-md-4">
+            {{ wtf.quick_form(form) }}
+        </div>
+    </div>
+    <br>
+    <p>{{ _('New User?') }} <a href="{{ url_for('auth.register') }}">{{ _('Click to Register!') }}</a></p>
+    <p>{{ _('Returning User?') }} <a href="{{ url_for('auth.login') }}">{{ _('Click to Login!') }}</a></p>
+{% endblock %}
diff --git a/app/templates/email/otp.html b/app/templates/email/otp.html
new file mode 100644
index 0000000..a2460e2
--- /dev/null
+++ b/app/templates/email/otp.html
@@ -0,0 +1,9 @@
+<p>Dear {{ user.username }},</p>
+<p>
+    Here is your one time passcode
+    <p>{{otp}}</p>
+</p>
+
+<p>If you have not requested an otp, simply ignore this message.</p>
+<p>Sincerely,</p>
+<p>The Microblog Team</p>
diff --git a/app/templates/email/otp.txt b/app/templates/email/otp.txt
new file mode 100644
index 0000000..afc9182
--- /dev/null
+++ b/app/templates/email/otp.txt
@@ -0,0 +1,11 @@
+Dear {{ user.username }},
+
+Here is your one time passcode:
+
+{{otp}}
+
+If you have not requested a otp, simply ignore this message.
+
+Sincerely,
+
+The Microblog Team