diff --git a/src/Model/Table/OtpCodesTable.php b/src/Model/Table/OtpCodesTable.php
index 2ea83ac8a..87d14c066 100644
--- a/src/Model/Table/OtpCodesTable.php
+++ b/src/Model/Table/OtpCodesTable.php
@@ -26,6 +26,7 @@
 use CakeDC\Users\Mailer\SMSMailer;
 use CakeDC\Users\Mailer\UsersMailer;
 use CakeDC\Users\Model\Entity\OtpCode;
+use CakeDC\Users\Plugin;
 
 /**
  * OtpCodes Model
@@ -191,9 +192,11 @@ public function validateCode2f($userId, $code): bool
             $this->save($otpCode);
             throw new \InvalidArgumentException(__d('cake_d_c/users', 'Verification code is not valid. Please try again or request a new one.'));
         }
-        if (!$user->phone_verified) {
+        if (Configure::read('Code2f.type') === Code2fAuthenticationCheckerInterface::CODE2F_TYPE_PHONE && !$user->phone_verified) {
             $user->phone_verified = new FrozenTime();
-            $this->Users->save($user);
+            if ($this->Users->save($user)) {
+                $this->dispatchEvent(Plugin::EVENT_AFTER_PHONE_VERIFIED, ['user' => $user]);
+            }
         }
 
         $otpCode->validated = new FrozenTime();
diff --git a/src/Plugin.php b/src/Plugin.php
index b39c99565..d24e24374 100644
--- a/src/Plugin.php
+++ b/src/Plugin.php
@@ -42,6 +42,7 @@ class Plugin extends BasePlugin
     public const EVENT_ON_EXPIRED_TOKEN = 'Users.Global.onExpiredToken';
     public const EVENT_AFTER_RESEND_TOKEN_VALIDATION = 'Users.Global.afterResendTokenValidation';
     public const EVENT_AFTER_EMAIL_TOKEN_VALIDATION = 'Users.Global.afterEmailTokenValidation';
+    public const EVENT_AFTER_PHONE_VERIFIED = 'Users.Global.afterPhoneVerified';
 
     /**
      * @inheritDoc