diff --git a/config/config.sample.php b/config/config.sample.php
index 2a368965fb..ffdce5cc2d 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -194,6 +194,13 @@ $CONFIG = array(
  */
 'session_keepalive' => true,
 
+/**
+ * Enforce token authentication for clients, which blocks requests using the user
+ * password for enhanced security. Users need to generate tokens in personal settings
+ * which can be used as passwords on their clients.
+ */
+'token_auth_enforced' => false,
+
 /**
  * The directory where the skeleton files are located. These files will be
  * copied to the data directory of new users. Leave empty to not copy any
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index cd867dace7..c77cfedba4 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -368,6 +368,9 @@ class Session implements IUserSession, Emitter {
 			array('uid' => &$username)
 		);
 		$user = $this->manager->get($username);
+		if (is_null($user)) {
+			return true;
+		}
 		// DI not possible due to cyclic dependencies :'-/
 		return OC::$server->getTwoFactorAuthManager()->isTwoFactorAuthenticated($user);
 	}