diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 79e3da5f9f3d78eea8e678b4784d70529d5b72d9..bc3bd2f4bcd15699a253eafa20470cf445975d00 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -27,7 +27,7 @@ class Auth::SessionsController < Devise::SessionsController
     if session[:otp_user_id]
       User.find(session[:otp_user_id])
     elsif user_params[:email]
-      User.find_by(email: user_params[:email])
+      User.find_for_authentication(email: user_params[:email])
     end
   end
 
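Review bot: The `elsif user_params[:email]` branch now depends on Devise's finder, but nothing in the method records why a plain `find_by` is not acceptable here, so a later cleanup could quietly revert it. Judging by the specs added in this commit, a nil result from this lookup appears to let the request continue without the OTP prompt, while the password check still matches the account through Devise's own key normalisation; the caller is outside the hunk, so this is inferred. I would add a comment above the call such as `# Must use Devise's finder: the email has to be normalised exactly as in the password check, otherwise the lookup misses and the OTP step is skipped.` The method's `def` line is outside the hunk, so the comment placement is relative to the visible branch only.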
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
index 525b8254d27c2167528977d4f2bfa6942c42f9c3..06fdbaabc317a4a4a80385646b775ecb1da82a6a 100644
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@@ -65,6 +65,20 @@ RSpec.describe Auth::SessionsController, type: :controller do
         end
       end
 
+      context 'using email with uppercase letters' do
+        before do
+          post :create, params: { user: { email: user.email.upcase, password: user.password } }
+        end
+
+        it 'redirects to home' do
+          expect(response).to redirect_to(root_path)
+        end
+
+        it 'logs the user in' do
+          expect(controller.current_user).to eq user
+        end
+      end
+
       context 'using an invalid password' do
         before do
           post :create, params: { user: { email: user.email, password: 'wrongpw' } }
@@ -129,6 +143,26 @@ RSpec.describe Auth::SessionsController, type: :controller do
         return codes
       end
 
+      context 'using email and password' do
+        before do
+          post :create, params: { user: { email: user.email, password: user.password } }
+        end
+
+        it 'renders two factor authentication page' do
+          expect(controller).to render_template("two_factor")
+        end
+      end
+
+      context 'using upcase email and password' do
+        before do
+          post :create, params: { user: { email: user.email.upcase, password: user.password } }
+        end
+
+        it 'renders two factor authentication page' do
+          expect(controller).to render_template("two_factor")
+        end
+      end
+
       context 'using a valid OTP' do
         before do
           post :create, params: { user: { otp_attempt: user.current_otp } }, session: { otp_user_id: user.id }
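Review bot: The two added contexts ('using email and password' and 'using upcase email and password') assert only that the `two_factor` template is rendered, which does not pin the state the OTP step relies on. The lookup in the controller reads `session[:otp_user_id]`, and the following 'using a valid OTP' context supplies it by hand, so the new examples could also check `expect(session[:otp_user_id]).to eq user.id`, assuming the prompt step is what stores it (that code is not visible here). A variant with surrounding whitespace in the email would cover the other normalisation Devise may apply, if the project configures it. As a style point, `"two_factor"` is double-quoted while the rest of the visible spec uses single-quoted strings. The enclosing `context` opens before the hunk.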