diff --git a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
index f7f2509..2317b1c 100644
--- a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
+++ b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
@@ -47,6 +47,7 @@ public class SecurityConfig {
 		// @formatter:off
 		http
 			.authorizeHttpRequests((authorize) -> authorize
+				.antMatchers("/favicon.ico").permitAll()
 				.mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager)
 				.anyRequest().authenticated()
 			)