diff --git a/core/servers/content/nntp.js b/core/servers/content/nntp.js
index 4959dc64..9f7c5a13 100644
--- a/core/servers/content/nntp.js
+++ b/core/servers/content/nntp.js
@@ -141,7 +141,7 @@ class NNTPServer extends NNTPServerBase {
 
         return new Promise( resolve => {
             const user = new User();
-            user.authenticate(username, password, err => {
+            user.authenticateFactor1({ type : User.AuthFactor1Types.Password, username, password }, err => {
                 if(err) {
                     //  :TODO: Log IP address
                     this.log.debug( { username, reason : err.message }, 'Authentication failure');
diff --git a/core/servers/login/ssh.js b/core/servers/login/ssh.js
index 3b0e852f..3e486bbd 100644
--- a/core/servers/login/ssh.js
+++ b/core/servers/login/ssh.js
@@ -23,7 +23,6 @@ const fs            = require('graceful-fs');
 const util          = require('util');
 const _             = require('lodash');
 const assert        = require('assert');
-const crypto        = require('crypto');
 
 const ModuleInfo = exports.moduleInfo = {
     name        : 'SSH',
@@ -108,7 +107,7 @@ function SSHClient(clientConn) {
         };
 
         const authWithPasswordOrPubKey = (authType) => {
-            if('pubKey' !== authType || !self.user.isAuthenticated() || !ctx.signature) {
+            if(User.AuthFactor1Types.PubKey !== authType || !self.user.isAuthenticated() || !ctx.signature) {
                 //  step 1: login/auth using PubKey
                 userLogin(self, ctx.username, ctx.password, { authType, ctx }, (err) => {
                     if(err) {
@@ -188,11 +187,11 @@ function SSHClient(clientConn) {
 
         switch(ctx.method) {
             case 'password' :
-                return authWithPasswordOrPubKey('password');
+                return authWithPasswordOrPubKey(User.AuthFactor1Types.Password);
                 //return authWithPassword();
 
             case 'publickey' :
-                return authWithPasswordOrPubKey('pubKey');
+                return authWithPasswordOrPubKey(User.AuthFactor1Types.PubKey);
                 //return authWithPubKey();
 
             case 'keyboard-interactive' :
diff --git a/core/user.js b/core/user.js
index 36a2f72f..3b20aa76 100644
--- a/core/user.js
+++ b/core/user.js
@@ -178,17 +178,20 @@ module.exports = class User {
         });
     }
 
-    authenticate(username, password, options, cb) {
-        if(!cb && _.isFunction(options)) {
-            cb = options;
-            options = {};
-        }
+    static get AuthFactor1Types() {
+        return {
+            PubKey      : 'pubKey',
+            Password    : 'password',
+        };
+    }
 
+    authenticateFactor1(authInfo, cb) {
+        const username = authInfo.username;
         const self = this;
         const tempAuthInfo = {};
 
         const validatePassword = (props, callback) => {
-            User.generatePasswordDerivedKey(password, props[UserProps.PassPbkdf2Salt], (err, dk) => {
+            User.generatePasswordDerivedKey(authInfo.password, props[UserProps.PassPbkdf2Salt], (err, dk) => {
                 if(err) {
                     return callback(err);
                 }
@@ -212,8 +215,8 @@ module.exports = class User {
                 return callback(Errors.AccessDenied('Invalid public key'));
             }
 
-            if(options.ctx.key.algo != pubKeyActual.type ||
-                !crypto.timingSafeEqual(options.ctx.key.data, pubKeyActual.getPublicSSH()))
+            if(authInfo.pubKey.key.algo != pubKeyActual.type ||
+                !crypto.timingSafeEqual(authInfo.pubKey.key.data, pubKeyActual.getPublicSSH()))
             {
                 return callback(Errors.AccessDenied('Invalid public key'));
             }
@@ -234,12 +237,12 @@ module.exports = class User {
                 },
                 function getRequiredAuthProperties(callback) {
                     //  fetch properties required for authentication
-                    User.loadProperties( tempAuthInfo.userId, { names : User.StandardPropertyGroups.auth }, (err, props) => {
+                    User.loadProperties(tempAuthInfo.userId, { names : User.StandardPropertyGroups.auth }, (err, props) => {
                         return callback(err, props);
                     });
                 },
                 function validatePassOrPubKey(props, callback) {
-                    if('pubKey' === options.authType) {
+                    if(User.AuthFactor1Types.PubKey === authInfo.type) {
                         return validatePubKey(props, callback);
                     }
                     return validatePassword(props, callback);
diff --git a/core/user_login.js b/core/user_login.js
index 1f1180da..98bdeefb 100644
--- a/core/user_login.js
+++ b/core/user_login.js
@@ -15,6 +15,7 @@ const {
 const UserProps         = require('./user_property.js');
 const SysProps          = require('./system_property.js');
 const SystemLogKeys     = require('./system_log.js');
+const User              = require('./user.js');
 
 //  deps
 const async             = require('async');
@@ -39,7 +40,15 @@ function userLogin(client, username, password, options, cb) {
         }, 2000);
     }
 
-    client.user.authenticate(username, password, options, err => {
+    const authInfo = {
+        username,
+        password,
+    };
+
+    authInfo.type   = options.authType || User.AuthFactor1Types.Password;
+    authInfo.pubKey = options.ctx;
+
+    client.user.authenticateFactor1(authInfo, err => {
         if(err) {
             client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
             const disconnect = config.users.failedLogin.disconnect;