diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index cacf9f9f..8febda05 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -689,7 +689,7 @@ public static function destroy_current_session_for_user( $user ) {
 	 *
 	 * @return WP_User|WP_Error
 	 */
-	public static function filter_authenticate( $user, $username ) {
+	public static function filter_authenticate( $user, $username, $password ) {
 		if ( strlen( $username ) && $user instanceof WP_User && self::is_user_using_two_factor( $user->ID ) ) {
 			// Disable authentication requests for API requests for users with two-factor enabled.
 			if ( self::is_api_request() && ! self::is_user_api_login_enabled( $user->ID ) ) {