diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index f67924bb8..942f3c93f 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1242,6 +1242,13 @@ $createSession = function (string $userId, string $secret, Request $request, Res
 $sessionSecret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_SESSION);
 $expire = DateTime::formatTz(DateTime::addSeconds(new \DateTime(), $duration));
 
+ $factor = match($verifiedToken->getAttribute('type')) {
+ Auth::TOKEN_TYPE_MAGIC_URL, Auth::TOKEN_TYPE_OAUTH2 => 'email',
+ Auth::TOKEN_TYPE_PHONE => 'phone',
+ Auth::TOKEN_TYPE_GENERIC => 'token',
+ default => throw new Exception(Exception::USER_INVALID_TOKEN)
+ };
+
 $session = new Document(array_merge(
 [
 '$id' => ID::unique(),
@@ -1251,6 +1258,7 @@ $createSession = function (string $userId, string $secret, Request $request, Res
 'secret' => Auth::hash($sessionSecret), // One way hash encryption to protect DB leak
 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
+ 'factors' => [$factor],
 'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
 ],
 $detector->getOS(),
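Review bot: In the new `match`, `Auth::TOKEN_TYPE_OAUTH2` is recorded as the `'email'` factor alongside `Auth::TOKEN_TYPE_MAGIC_URL`, but an OAuth2 sign-in shows control of the provider account rather than of the user's mailbox. If any later check reads the session's `factors` to decide whether an email challenge is still required, this mapping would count it as already satisfied; consider a distinct value such as `Auth::TOKEN_TYPE_OAUTH2 => 'oauth2',`, or a comment stating why the two are treated as equivalent. The factor names are bare string literals, so class constants would keep the code that writes them and the code that reads them from drifting apart. The closure body starts and ends outside the hunk, so how `$verifiedToken` is obtained is not visible here.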
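Review bot: `'factors' => [$factor]` is written only for sessions created through this closure, so sessions stored before this change, and any created by code paths not shown in this diff, will presumably carry no `factors` value. Code that gates on this attribute should treat a missing or empty list as "no factor satisfied" rather than skipping the check. A short comment on the new line, such as `// Authentication factor(s) proven when this session was created`, would also document why the value is a list. The array literal and the enclosing closure continue outside the hunk.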