diff --git a/management/daemon.py b/management/daemon.py
index f4f972dc..bc519789 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -416,12 +416,12 @@ def totp_post_enable():
 	token = request.form.get('token')
 	label = request.form.get('label')
 	if type(token) != str:
-		return json_response({ "error": 'bad_input' }, 400)
+		return ("Bad Input", 400)
 	try:
 		validate_totp_secret(secret)
 		enable_mfa(request.user_email, "totp", secret, token, label, env)
 	except ValueError as e:
-		return str(e)
+		return (str(e), 400)
 	return "OK"
 
 @app.route('/mfa/disable', methods=['POST'])
diff --git a/management/templates/mfa.html b/management/templates/mfa.html
index 32b7f6cd..8e2737c1 100644
--- a/management/templates/mfa.html
+++ b/management/templates/mfa.html
@@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
                 secret: $(el.totpSetupSecret).val(),
                 label: $(el.totpSetupLabel).val()
             },
-            function(res) {
-                do_logout();
-            },
-            function(res) {
-                var errorMessage = 'Something went wrong.';
-                var parsed;
-
-                try {
-                    parsed = JSON.parse(res);
-                } catch (err) {
-                    return render_error(errorMessage);
-                }
-
-                var error = parsed && parsed.error
-                    ? parsed.error
-                    : null;
-
-                if (error === 'token_mismatch') {
-                    errorMessage = 'Code does not match.';
-                } else if (error === 'bad_input') {
-                    errorMessage = 'Received request with malformed data.';
-                }
-
-                render_error(errorMessage);
-            }
+            function(res) { do_logout(); },
+            function(res) { render_error(res); }
         );
 
         return false;