diff --git a/botCommands.go b/botCommands.go
index 5f7c873..967a528 100644
--- a/botCommands.go
+++ b/botCommands.go
@@ -9,7 +9,7 @@ func setupCommands() {
 			Commands: []chat1.UserBotCommandInput{
 				{
 					Name:        "authenticate",
-					Description: "Authenticate with Tesla, please use exploding message for username/password OR a token.",
+					Description: "Authenticate with Tesla, please use exploding message for username/password (with optional mfa code) OR a token.",
 					Usage:       "email@example.com Pa$$w0rd",
 				},
 			},
diff --git a/commands.go b/commands.go
index 15276a6..c06d710 100644
--- a/commands.go
+++ b/commands.go
@@ -35,14 +35,17 @@ func authenticate(m chat1.MsgSummary) {
 		k.SendMessageByConvID(m.ConvID, "Please remember to delete your message after we have authenticated!")
 	}
 	parts := strings.Split(m.Content.Text.Body, " ")
-	if len(parts) != 3 && len(parts) != 2 {
+	if len(parts) != 4 && len(parts) != 3 && len(parts) != 2 {
 		k.SendMessageByConvID(m.ConvID, "Invalid input for command authenticate. Requires username and password. This information is not stored in keybase, or logged. %+v", len(parts))
 		return
 	}
 	var username, password, tok string
-	if len(parts) == 3 {
+	if len(parts) > 2 {
 		username = parts[1]
 		password = parts[2]
+		if len(parts) == 4 {
+			tok = parts[3]
+		}
 	} else {
 		tok = parts[1]
 	}
diff --git a/login.go b/login.go
index 008bc87..55d6d95 100644
--- a/login.go
+++ b/login.go
@@ -8,13 +8,15 @@ import (
 	"golang.org/x/oauth2"
 )
 
+var mfaCode string
+
 func noDevice(ctx context.Context, devices []tesla.Device) (d tesla.Device, passcode string, err error) {
-	return tesla.Device{}, "", nil
+	return devices[0], mfaCode, nil
 }
 func login(ctx context.Context, username string, password string, tok string) (string, error) {
 	var client *tesla.Client
 	var err error
-	if tok != "" {
+	if username == "" {
 		client, err = tesla.NewClient(
 			ctx,
 			tesla.WithToken(&oauth2.Token{
@@ -22,6 +24,7 @@ func login(ctx context.Context, username string, password string, tok string) (s
 			}),
 		)
 	} else {
+		mfaCode = tok
 		client, err = tesla.NewClient(
 			ctx,
 			tesla.WithMFAHandler(noDevice),