diff --git a/docs-parent/pom.xml b/docs-parent/pom.xml index 3db35ad8..c86fa7e0 100644 --- a/docs-parent/pom.xml +++ b/docs-parent/pom.xml @@ -40,6 +40,7 @@ 3.2.1 1.6.5 1.3.1 + 0.6.0 9.2.13.v20150730 9.2.13.v20150730 @@ -395,18 +396,27 @@ ${com.twelvemonkeys.imageio.version} - + + com.levigo.jbig2 levigo-jbig2-imageio ${com.levigo.jbig2.levigo-jbig2-imageio.version} - + + com.github.jai-imageio jai-imageio-core ${com.github.jai-imageio.jai-imageio-core.version} + + + com.warrenstrange + googleauth + ${com.warrenstrange.googleauth} + + diff --git a/docs-web/pom.xml b/docs-web/pom.xml index 048cc060..5b072a9c 100644 --- a/docs-web/pom.xml +++ b/docs-web/pom.xml @@ -89,6 +89,11 @@ servlet + + com.warrenstrange + googleauth + + com.sismics.docs diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java index d27ca7c6..960846ff 100644 --- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java +++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java @@ -55,6 +55,8 @@ import com.sismics.rest.util.JsonUtil; import com.sismics.rest.util.ValidationUtil; import com.sismics.security.UserPrincipal; import com.sismics.util.filter.TokenBasedSecurityFilter; +import com.warrenstrange.googleauth.GoogleAuthenticator; +import com.warrenstrange.googleauth.GoogleAuthenticatorKey; /** * User REST resources. 
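Review bot: In the docs-parent/pom.xml hunk the new dependency's version reference, `${com.warrenstrange.googleauth}`, drops the `.version` suffix that the neighbouring entries use (`${com.github.jai-imageio.jai-imageio-core.version}`). Naming it `com.warrenstrange.googleauth.version` would keep the properties block consistent. The property definition line is not legible in this rendering (only `0.6.0` survives), so the rename would have to be applied to both the property and this reference. Because this library now sits on the authentication path, and the TODO in UserResource.java already calls its dependencies useless, it is worth listing the transitive artifacts it pulls in and adding `<exclusions>` for those enableTotp() does not need.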
@@ -639,6 +641,29 @@ public class UserResource extends BaseResource {
 return Response.ok().entity(response.build()).build();
 }
+ @POST
+ @Path("enable_totp")
+ public Response enableTotp() {
+ if (!authenticate()) {
+ throw new ForbiddenClientException();
+ }
+
+ // Create a new TOTP key and scratch codes
+ // TODO Copy library sources here to scrap useless dependencies and make verification code generation public for testing
+ GoogleAuthenticator gAuth = new GoogleAuthenticator();
+ final GoogleAuthenticatorKey key = gAuth.createCredentials();
+
+ JsonArrayBuilder scratchCodes = Json.createArrayBuilder();
+ for (int scratchCode : key.getScratchCodes()) {
+ scratchCodes.add(scratchCode);
+ }
+
+ JsonObjectBuilder response = Json.createObjectBuilder()
+ .add("secret", key.getKey())
+ .add("scratch_codes", scratchCodes);
+ return Response.ok().entity(response.build()).build();
+ }
+
 /**
 * Returns the authentication token value.
 *
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
index 1da249fe..bace64ef 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
@@ -23,8 +23,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestAclResource extends BaseJerseyTest {
 /**
 * Test the ACL resource.
- *
- * @throws JSONException
 */
 @Test
 public void testAclResource() {
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
index e6cf2e40..4a8df5b0 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
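Review bot: enableTotp() returns a freshly generated secret and scratch codes but, in the lines shown, never stores `key.getKey()` against the authenticated user, so nothing can later verify a code against it and every call hands out unrelated credentials. Once the key is persisted, the endpoint should refuse or re-check the password when a secret is already set, so that a session token alone cannot replace the second factor. The response body carries the secret, so it should be marked uncacheable, e.g. `return Response.ok().entity(response.build()).header("Cache-Control", "no-store").build();`. The method also lacks the Javadoc its neighbours have; `/** Generates a TOTP secret and scratch codes for the current user. @return Response */` would match the file's style.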
@@ -21,8 +21,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestAppResource extends BaseJerseyTest {
 /**
 * Test the API resource.
- *
- * @throws JSONException
 */
 @Test
 public void testAppResource() {
@@ -63,8 +61,6 @@ public class TestAppResource extends BaseJerseyTest {
 /**
 * Test the log resource.
- *
- * @throws JSONException
 */
 @Test
 public void testLogResource() {
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAuditLogResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAuditLogResource.java
index 3ec5f011..58ad2e75 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAuditLogResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAuditLogResource.java
@@ -20,8 +20,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestAuditLogResource extends BaseJerseyTest {
 /**
 * Test the audit log resource.
- *
- * @throws JSONException
 */
 @Test
 public void testAuditLogResource() {
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java
index f4677dd9..d3a7c1f4 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java
@@ -21,11 +21,9 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestCommentResource extends BaseJerseyTest {
 /**
 * Test the comment resource.
- *
- * @throws Exception
 */
 @Test
- public void testCommentResource() throws Exception {
+ public void testCommentResource() {
 // Login comment1
 clientUtil.createUser("comment1");
 String comment1Token = clientUtil.login("comment1");
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
index b48dd754..4f7b4ee8 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
@@ -359,9 +359,8 @@ public class TestDocumentResource extends BaseJerseyTest {
 * @param query Search query
 * @param token Authentication token
 * @return Number of documents found
- * @throws Exception
 */
- private int searchDocuments(String query, String token) throws Exception {
+ private int searchDocuments(String query, String token) {
 JsonObject json = target().path("/document/list")
 .queryParam("search", query)
 .request()
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
index 93cd5a5c..a92f111b 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
@@ -198,6 +198,11 @@ public class TestFileResource extends BaseJerseyTest {
 Assert.assertEquals(1, files.size());
 }
+ /**
+ * Test orphan files (without linked document).
+ *
+ * @throws Exception
+ */
 @Test
 public void testOrphanFile() throws Exception {
 // Login file2
@@ -283,6 +288,11 @@ public class TestFileResource extends BaseJerseyTest {
 Assert.assertEquals("ok", json.getString("status"));
 }
+ /**
+ * Test user quota.
+ *
+ * @throws Exception
+ */
 @Test
 public void testQuota() throws Exception {
 // Login file_quota
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java
index 834c1261..c37ad04c 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java
@@ -22,8 +22,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestGroupResource extends BaseJerseyTest {
 /**
 * Test the group resource.
- *
- * @throws JSONException
 */
 @Test
 public void testGroupResource() {
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java b/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java
index 0b938a64..ccf1f6c9 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java
@@ -21,8 +21,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestSecurity extends BaseJerseyTest {
 /**
 * Test of the security layer.
- *
- * @throws JSONException
 */
 @Test
 public void testSecurity() {
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java
index 4bccaf43..959e9dd3 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java
@@ -28,7 +28,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestShareResource extends BaseJerseyTest {
 /**
 * Test the share resource.
- * @throws Exception
 *
 * @throws Exception
 */
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
index 49f68a9d..597074da 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
@@ -21,8 +21,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestTagResource extends BaseJerseyTest {
 /**
 * Test the tag resource.
- *
- * @throws JSONException
 */
 @Test
 public void testTagResource() {
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
index aca82154..241990e6 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
@@ -22,8 +22,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestUserResource extends BaseJerseyTest {
 /**
 * Test the user resource.
- *
- * @throws JSONException
 */
 @Test
 public void testUserResource() {
@@ -229,8 +227,6 @@ public class TestUserResource extends BaseJerseyTest {
 /**
 * Test the user resource admin functions.
- *
- * @throws JSONException
 */
 @Test
 public void testUserResourceAdmin() {
@@ -290,4 +286,18 @@ public class TestUserResource extends BaseJerseyTest {
 json = response.readEntity(JsonObject.class);
 Assert.assertEquals("UserNotFound", json.getString("type"));
 }
+
+ @Test
+ public void testTotp() {
+ // Create totp1 user
+ clientUtil.createUser("totp1");
+ String totp1Token = clientUtil.login("totp1");
+
+ // Enable TOTP for totp1
+ JsonObject json = target().path("/user/enable_totp").request()
+ .cookie(TokenBasedSecurityFilter.COOKIE_NAME, totp1Token)
+ .post(Entity.form(new Form()), JsonObject.class);
+ String secret = json.getString("secret");
+ Assert.assertNotNull(secret);
+ }
 }
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
index 9d2005e3..9fd83517 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
@@ -19,11 +19,9 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
 public class TestVocabularyResource extends BaseJerseyTest {
 /**
 * Test the vocabulary resource.
- *
- * @throws Exception
 */
 @Test
- public void testVocabularyResource() throws Exception {
+ public void testVocabularyResource() {
 // Login vocabulary1
 clientUtil.createUser("vocabulary1");
 String vocabulary1Token = clientUtil.login("vocabulary1");
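Review bot: In the added testTotp() the only assertion, `Assert.assertNotNull(secret)`, cannot fail, because `json.getString("secret")` throws rather than returning null when the key is absent. Assert on content instead, e.g. `Assert.assertFalse(secret.isEmpty());` and `Assert.assertFalse(json.getJsonArray("scratch_codes").isEmpty());`. A second request sent without the auth cookie and expecting the forbidden status would pin the `authenticate()` guard in enableTotp(). The method is also missing the short Javadoc the other tests in this class carry, such as `/** Test TOTP enabling. */`.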