diff --git a/internal/ui/login/handler/mfa_verify_handler.go b/internal/ui/login/handler/mfa_verify_handler.go
index 5e3b5c5a8f..3d284e01aa 100644
--- a/internal/ui/login/handler/mfa_verify_handler.go
+++ b/internal/ui/login/handler/mfa_verify_handler.go
@@ -60,6 +60,9 @@ func (l *Login) renderMFAVerifySelected(w http.ResponseWriter, r *http.Request,
 	case model.MFATypeOTP:
 		data.MFAProviders = removeSelectedProviderFromList(verificationStep.MFAProviders, model.MFATypeOTP)
 		data.SelectedMFAProvider = model.MFATypeOTP
+	default:
+		l.renderError(w, r, authReq, err)
+		return
 	}
 	l.renderer.RenderTemplate(w, r, l.renderer.Templates[tmplMFAVerify], data, nil)
 }
diff --git a/internal/ui/login/static/templates/mfa_init_verify.html b/internal/ui/login/static/templates/mfa_init_verify.html
index de9ff51e14..98a51e787c 100644
--- a/internal/ui/login/static/templates/mfa_init_verify.html
+++ b/internal/ui/login/static/templates/mfa_init_verify.html
@@ -35,6 +35,8 @@
         </div>
     {{end}}
 
+    {{ template "error-message" .}}
+
     <div class="actions">
         <button class="primary" id="submit-button" type="submit">{{t "Actions.Next"}}</button>
         <a class="button secondary" href="{{ mfaPromptChangeUrl .AuthReqID .MFAType }}">
diff --git a/internal/user/model/user_view.go b/internal/user/model/user_view.go
index 24d3efeaf6..72ed0af935 100644
--- a/internal/user/model/user_view.go
+++ b/internal/user/model/user_view.go
@@ -163,19 +163,6 @@ func (u *UserView) MFATypesAllowed(level req_model.MFALevel, policy *iam_model.L
 			}
 		}
 		//PLANNED: add sms
-		fallthrough
-	case req_model.MFALevelMultiFactor:
-		if policy.HasMultiFactors() {
-			for _, mfaType := range policy.MultiFactors {
-				switch mfaType {
-				case iam_model.MultiFactorTypeU2FWithPIN:
-					if u.IsPasswordlessReady() {
-						types = append(types, req_model.MFATypeU2FUserVerification)
-					}
-				}
-			}
-		}
-		//PLANNED: add token
 	}
 	return types, required
 }