diff --git a/inc/inc.Authentication.php b/inc/inc.Authentication.php
index ebba827b2..142ff7ae0 100644
--- a/inc/inc.Authentication.php
+++ b/inc/inc.Authentication.php
@@ -130,7 +130,7 @@ if($isajax)
 
 if (!$user->isAdmin() && $origuser == null) {
 	if($settings->_passwordExpiration > 0) {
-		if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.ForcePasswordChange.php', 'op.EditUserData.php', 'op.Logout.php'])) {
+		if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.Setup2Factor.php', 'op.Setup2Factor.php', 'out.ForcePasswordChange.php', 'op.EditUserData.php', 'op.Logout.php'])) {
 			$pwdexp = $user->getPwdExpiration();
 			if($pwdexp && substr($pwdexp, 0, 10) != '0000-00-00') {
 				$pwdexpts = strtotime($pwdexp); // + $pwdexp*86400;
@@ -148,7 +148,7 @@ if (!$user->isAdmin() && $origuser == null) {
  * already on the page Setup2Factor.php and no user substiation has occured.
  */
 if($settings->_enable2FactorAuthentication && $settings->_guestID != $user->getID() && $settings->_autoLoginUser != $user->getID() && $origuser == null && $user->getSecret() == '') {
-	if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.Setup2Factor.php', 'op.Setup2Factor.php', 'op.Logout.php'])) {
+	if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.ForcePasswordChange.php', 'out.Setup2Factor.php', 'op.Setup2Factor.php', 'op.Logout.php'])) {
 		header("Location: ../out/out.Setup2Factor.php");
 		exit;
 	}