diff --git a/src/common/utilities/util_authorization.py b/src/common/utilities/util_authorization.py
index 2f9f672..62ee39c 100644
--- a/src/common/utilities/util_authorization.py
+++ b/src/common/utilities/util_authorization.py
@@ -32,7 +32,14 @@ def auth_validate(verify_exp=True) -> tuple[AuthType, Union[Dict, AccessFailType
 def validate_basic(auth_token):
 import base64
 from database.sql_db.dao import dao_user
+ from otpauth import TOTP
+ import re
 decoded_token = base64.b64decode(auth_token).decode('utf-8')
- username, password = decoded_token.split(':', 1)
- return {'user_name': username} if dao_user.user_password_verify(username, password) else AccessFailType.INVALID
+ user_name, password = decoded_token.split(':', 1)
+ if dao_user.user_password_verify(user_name, password) or (
+ (otp_secret := dao_user.get_otp_secret(user_name)) and re.match(r'^\d+$', password) and TOTP(otp_secret.encode()).verify(int(password))
+ ):
+ return {'user_name': user_name}
+ else:
+ return AccessFailType.INVALID
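Review bot: The new condition in validate_basic accepts a bare TOTP code in the password position as a complete login (`user_password_verify(...) or (... TOTP(...).verify(...))`), so for any user with an OTP secret the code becomes a standalone alternative credential rather than a second factor, and authentication for that account reduces to a short numeric value that is valid for a whole time window. If two-factor is the intent, keep the password check mandatory and verify the code in addition, e.g. `if not dao_user.user_password_verify(user_name, password): return AccessFailType.INVALID` first, then the OTP check only when `dao_user.get_otp_secret(user_name)` returns a secret; otherwise document explicitly that OTP is a password replacement here. Minor: `re.match(r'^\d+$', password)` still matches a value with a trailing newline because `$` allows one, so `re.fullmatch(r'\d+', password)` is the exact check. Whether `TOTP(otp_secret.encode())` expects the raw or the base32-decoded secret depends on the otpauth library and is not visible in the hunk. The hunk header counts one more new-side line than is shown, so validate_basic's body may continue beyond this hunk.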