2FA skipped on password expiry (forced reset after x days)

I was just prompted to reset the password of one of my user test accounts. After creating the new password, ERPNext shot me straight through to the home page, ignoring the 2FA that I have enabled for this account.

This doesn’t seem right to me, I feel a redirect back to the login page would be more prudent. Has anyone experienced this issue, or have any input as to why this is occurring?

Cheers!