diff --git a/app/models/user.rb b/app/models/user.rb
index 40a430489..6126e7004 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -125,6 +125,7 @@ class User < ApplicationRecord
 
   def need_two_factor_authentication?(_request)
     return false if Rails.env.development?
+    return false if Rails.env.review?
 
     support?
   end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 450e334a7..bd6555348 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -159,6 +159,19 @@ RSpec.describe User, type: :model do
         expect(user.need_two_factor_authentication?(nil)).to be false
       end
     end
+
+    context "when the user is in review environment" do
+      let(:user) { FactoryBot.create(:user, :support) }
+
+      before do
+        allow(Rails.env).to receive(:development?).and_return(false)
+        allow(Rails.env).to receive(:review?).and_return(true)
+      end
+
+      it "does not require 2FA" do
+        expect(user.need_two_factor_authentication?(nil)).to be false
+      end
+    end
   end
 
   describe "paper trail" do