diff --git a/CHANGELOG.md b/CHANGELOG.md
index 45b61efc5..fc8639ea8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,12 +5,32 @@
 * **[BC BREAK]** Convert 403 errors to 404 errors by @yguedidi in https://github.com/wallabag/wallabag/pull/8075
 * `wallassets/` folder renamed to `build/`
 
+## [2.6.12](https://github.com/wallabag/wallabag/tree/2.6.12)
+[Full Changelog](https://github.com/wallabag/wallabag/compare/2.6.11...2.6.12)
+
+### Technical stuff
+
+* Fix changelog by @yguedidi in [https://github.com/wallabag/wallabag/pull/8135](https://github.com/wallabag/wallabag/pull/8135)
+* Update dependencies by @yguedidi in [https://github.com/wallabag/wallabag/pull/8136](https://github.com/wallabag/wallabag/pull/8136)
+
+
 ## [2.6.11](https://github.com/wallabag/wallabag/tree/2.6.11)
 [Full Changelog](https://github.com/wallabag/wallabag/compare/2.6.10...2.6.11)
 
 ### Security fix
 * Protect actions with a CSRF token by @yguedidi in https://github.com/wallabag/wallabag/commit/99c8a06594d6ee7480ce4d041ccff3025b353656
 
+### Fixes
+
+* Fix redirection after action in search results by @nicosomb in [https://github.com/wallabag/wallabag/pull/7827](https://github.com/wallabag/wallabag/pull/7827)
+* Fix title tag filter by @nicosomb in [https://github.com/wallabag/wallabag/pull/7846](https://github.com/wallabag/wallabag/pull/7846)
+* Change NB_ELEMENTS in pocket importer to 30 by @j0k3r in [https://github.com/wallabag/wallabag/pull/7993](https://github.com/wallabag/wallabag/pull/7993)
+* Fix entries counter for annotated entries in the menu by @j0k3r in [https://github.com/wallabag/wallabag/pull/7999](https://github.com/wallabag/wallabag/pull/7999)
+
+### Technical stuff
+
+* Prepare 2.6.11 release by @yguedidi in [https://github.com/wallabag/wallabag/pull/8133](https://github.com/wallabag/wallabag/pull/8133)
+
 ## [2.6.10](https://github.com/wallabag/wallabag/tree/2.6.10)
 [Full Changelog](https://github.com/wallabag/wallabag/compare/2.6.9...2.6.10)
 
diff --git a/app/config/wallabag.yml b/app/config/wallabag.yml
index 29656236d..02106a33b 100644
--- a/app/config/wallabag.yml
+++ b/app/config/wallabag.yml
@@ -1,5 +1,5 @@
 parameters:
-    wallabag.version: 2.6.11
+    wallabag.version: 2.7.0-dev
     wallabag.paypal_url: "https://liberapay.com/wallabag/donate"
     wallabag.languages:
         en: 'English'
diff --git a/src/Controller/ConfigController.php b/src/Controller/ConfigController.php
index a5c7bdf1c..197d504a5 100644
--- a/src/Controller/ConfigController.php
+++ b/src/Controller/ConfigController.php
@@ -396,12 +396,14 @@ class ConfigController extends AbstractController
             throw new BadRequestHttpException('Bad CSRF token.');
         }
 
+        $user = $this->getUser();
+
         $isValid = $googleAuthenticator->checkCode(
-            $this->getUser(),
+            $user,
             $request->request->get('_auth_code')
         );
 
-        if (true === $isValid) {
+        if ($isValid) {
             $this->addFlash(
                 'notice',
                 'flashes.config.notice.otp_enabled'
@@ -411,14 +413,14 @@ class ConfigController extends AbstractController
         }
 
         $this->addFlash(
-            'two_factor',
-            'scheb_two_factor.code_invalid'
+            'notice',
+            'flashes.config.notice.otp_code_invalid'
         );
 
-        $this->addFlash(
-            'notice',
-            'scheb_two_factor.code_invalid'
-        );
+        $user->setGoogleAuthenticatorSecret(null);
+        $user->setBackupCodes(null);
+
+        $this->userManager->updateUser($user);
 
         return $this->redirect($this->generateUrl('config') . '#set3');
     }
diff --git a/templates/Config/otp_app.html.twig b/templates/Config/otp_app.html.twig
index 792455d3f..475d783b1 100644
--- a/templates/Config/otp_app.html.twig
+++ b/templates/Config/otp_app.html.twig
@@ -42,7 +42,7 @@
                                     <div class="row">
                                         <div class="input-field col s12">
                                             <label for="_auth_code">{{ "auth_code"|trans({}, 'SchebTwoFactorBundle') }}</label>
-                                            <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" />
+                                            <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" required="required" />
                                         </div>
                                     </div>
                                 </div>
diff --git a/translations/messages.en.yml b/translations/messages.en.yml
index ea9d08698..2b330f368 100644
--- a/translations/messages.en.yml
+++ b/translations/messages.en.yml
@@ -687,6 +687,7 @@ flashes:
             archived_reset: Archived entries deleted
             otp_enabled: Two-factor authentication enabled
             otp_disabled: Two-factor authentication disabled
+            otp_code_invalid: Invalid two-factor authentication code
             tagging_rules_imported: Tagging rules imported
             tagging_rules_not_imported: Error while importing tagging rules
             ignore_origin_rules_deleted: 'Ignore origin rule deleted'