diff --git a/Gemfile b/Gemfile
index f426e4113..10c87f297 100644
--- a/Gemfile
+++ b/Gemfile
@@ -32,7 +32,7 @@ gem 'iso-639'
 gem 'chewy', '~> 5.0'
 gem 'cld3', '~> 3.2.4'
 gem 'devise', '~> 4.6'
-gem 'devise-two-factor', '~> 3.0'
+gem 'devise-two-factor', '~> 3.1'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index 01675367d..284a09734 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -112,7 +112,7 @@ GEM
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.1.0)
       aws-eventstream (~> 1.0, >= 1.0.2)
-    bcrypt (3.1.12)
+    bcrypt (3.1.13)
     benchmark-ips (2.7.2)
     better_errors (2.5.1)
       coderay (>= 1.0.0)
@@ -194,11 +194,11 @@ GEM
       railties (>= 4.1.0, < 6.0)
       responders
       warden (~> 1.2.3)
-    devise-two-factor (3.0.3)
-      activesupport (< 5.3)
+    devise-two-factor (3.1.0)
+      activesupport (< 6.1)
       attr_encrypted (>= 1.3, < 4, != 2)
       devise (~> 4.0)
-      railties (< 5.3)
+      railties (< 6.1)
       rotp (~> 2.0)
     devise_pam_authenticatable2 (9.2.0)
       devise (>= 4.0.0)
@@ -476,7 +476,7 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.1.0)
+    rails-html-sanitizer (1.2.0)
       loofah (~> 2.2, >= 2.2.2)
     rails-i18n (5.1.3)
       i18n (>= 0.7, < 2)
@@ -518,9 +518,9 @@ GEM
     regexp_parser (1.6.0)
     request_store (1.4.1)
       rack (>= 1.4)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
+    responders (3.0.0)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
     rotp (2.1.2)
     rpam2 (4.0.2)
     rqrcode (0.10.1)
@@ -690,7 +690,7 @@ DEPENDENCIES
   connection_pool
   derailed_benchmarks
   devise (~> 4.6)
-  devise-two-factor (~> 3.0)
+  devise-two-factor (~> 3.1)
   devise_pam_authenticatable2 (~> 9.2)
   doorkeeper (~> 5.1)
   dotenv-rails (~> 2.7)