diff --git a/api/s5/http.go b/api/s5/http.go
index c377a46..4f02fe9 100644
--- a/api/s5/http.go
+++ b/api/s5/http.go
@@ -43,6 +43,7 @@ var (
 	errEmailAlreadyExists          = errors.New("Email already exists")
 	errGeneratingPassword          = errors.New("Error generating password")
 	errPubkeyAlreadyExists         = errors.New("Pubkey already exists")
+	errPubkeyNotExist              = errors.New("Pubkey does not exist")
 	errAccountLoginErr             = errors.New(errAccountLogin)
 )
 
@@ -394,6 +395,13 @@ func (h *HttpHandler) AccountLoginChallenge(jc jape.Context) {
 		return
 	}
 
+	pubkeyExists, _ := h.portal.Accounts().PubkeyExists(hex.EncodeToString(decodedKey[1:]))
+
+	if pubkeyExists {
+		errored(errPubkeyNotExist)
+		return
+	}
+
 	result := h.portal.Database().Create(&models.S5Challenge{
 		Challenge: base64.RawURLEncoding.EncodeToString(challenge),
 		Type:      "login",