diff --git a/src/Application/Model/d3totp.php b/src/Application/Model/d3totp.php
index fc764fb..0b24665 100644
--- a/src/Application/Model/d3totp.php
+++ b/src/Application/Model/d3totp.php
@@ -121,14 +121,21 @@ class d3totp extends BaseModel
 
     /**
      * @return array
+     * @throws DatabaseConnectionException
      */
     public function generateBackupCodes()
     {
         $factory = new Factory();
         $generator = $factory->getLowStrengthGenerator();
 
-        for ($i = 0; $i < 10; $i++) {
-            $this->_backupCodes[] = $generator->generateString(6, Generator::CHAR_DIGITS);
+        for ($i = 1; $i <= 10; $i++) {
+            $sCode = $generator->generateString(6, Generator::CHAR_DIGITS);
+            $this->_backupCodes[] = $sCode;
+            $this->assign(
+                array(
+                    'bc'.$i => $this->d3EncodeBC($sCode)
+                )
+            );
         }
 
         return $this->_backupCodes;
@@ -213,38 +220,30 @@ class d3totp extends BaseModel
         return $oDb->getOne($sSelect);
     }
 
-    public function save()
-    {
-        $this->assign(
-            array(
-                'bc1'   => $this->d3EncodeBC($this->_backupCodes[0]),
-                'bc2'   => $this->d3EncodeBC($this->_backupCodes[1]),
-                'bc3'   => $this->d3EncodeBC($this->_backupCodes[2]),
-                'bc4'   => $this->d3EncodeBC($this->_backupCodes[3]),
-                'bc5'   => $this->d3EncodeBC($this->_backupCodes[4]),
-                'bc6'   => $this->d3EncodeBC($this->_backupCodes[5]),
-                'bc7'   => $this->d3EncodeBC($this->_backupCodes[6]),
-                'bc8'   => $this->d3EncodeBC($this->_backupCodes[7]),
-                'bc9'   => $this->d3EncodeBC($this->_backupCodes[8]),
-                'bc10'   => $this->d3EncodeBC($this->_backupCodes[9]),
-            )
-        );
-
-        return parent::save();
-    }
-
     /**
      * @param $totp
      * @param $seed
      * @return string
+     * @throws DatabaseConnectionException
      * @throws d3totp_wrongOtpException
      */
     public function verify($totp, $seed = null)
     {
         $blVerify = $this->getTotp($seed)->verify($totp, null, $this->timeWindow);
         if (false == $blVerify) {
-            $oException = oxNew(d3totp_wrongOtpException::class);
-            throw $oException;
+            $oDb = DatabaseProvider::getDb();
+            $aFields = array('bc1', 'bc2', 'bc3', 'bc4', 'bc5', 'bc6', 'bc7', 'bc8', 'bc9', 'bc10');
+
+            $query = "SELECT 1 FROM ".$this->getViewName().
+                " WHERE ".$oDb->quote($this->d3EncodeBC($totp))." IN (".implode(', ', array_map([$oDb, 'quoteIdentifier'], $aFields)).") AND ".
+                $oDb->quoteIdentifier("oxuserid") ." = ".$oDb->quote($this->getUser()->getId());
+
+            $blVerify = (bool) $oDb->getOne($query);
+
+            if (false == $blVerify) {
+                $oException = oxNew(d3totp_wrongOtpException::class);
+                throw $oException;
+            }
         }
 
         return $blVerify;
diff --git a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
index b17130f..27ed85e 100644
--- a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
+++ b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
@@ -92,6 +92,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
      * @param string $sTotp
      * @param d3totp $totp
      * @return bool
+     * @throws DatabaseConnectionException
      * @throws d3totp_wrongOtpException
      */
     public function hasValidTotp($sTotp, $totp)