diff --git a/app/auth/views/reset_password.py b/app/auth/views/reset_password.py
index ee21683b..cf8cb507 100644
--- a/app/auth/views/reset_password.py
+++ b/app/auth/views/reset_password.py
@@ -4,6 +4,7 @@ from flask_wtf import FlaskForm
 from wtforms import StringField, validators
 from app.auth.base import auth_bp
+from app.auth.views.login_utils import after_login
 from app.extensions import db, limiter
 from app.models import ResetPasswordCode
@@ -57,10 +58,10 @@ def reset_password():
 # remove the reset password code
 ResetPasswordCode.delete(reset_password_code.id)
- db.session.commit()
- login_user(user)
- return redirect(url_for("dashboard.index"))
+ # do not use login_user(user) here
+ # to make sure user needs to go through MFA if enabled
+ return after_login(user, url_for("dashboard.index"))
 return render_template("auth/reset_password.html", form=form)
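Review bot: The MFA guarantee stated in the new comment rests entirely on `after_login`, whose body is not part of this diff, and nothing here pins it with a test. A regression test for `reset_password` would cover it: complete a reset for a user with MFA enabled and assert that the response redirects to the second-factor step with no authenticated session yet. The line `db.session.commit()` appears next to a `-` marker, and the flattened layout leaves unclear whether it or only a blank line was removed; if the commit is gone, deleting the `ResetPasswordCode` is persisted only if `after_login` commits, so that should be confirmed to keep the code single-use. Neither hunk removes the `login_user` import, so it is presumably left unused; dropping it lets a linter flag any later direct `login_user(user)` call in this view. The body of `reset_password` starts outside the hunk.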