diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index 95fcf0356..ebdde1606 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -37,7 +37,7 @@ class Auth::PasswordsController < Devise::PasswordsController
 set_flash_message!(:notice, password_update_flash_message)
 resource.after_database_authentication
 sign_in(resource_name, resource)
- warden.session(:admin_user)[TwoFactorAuthentication::NEED_AUTHENTICATION] = true if resource_class == AdminUser
+ set_2fa_required
 else
 set_flash_message!(:notice, :updated_not_active)
 end
@@ -50,6 +50,12 @@ class Auth::PasswordsController < Devise::PasswordsController
 protected
+ def set_2fa_required
+ return unless resource_class == AdminUser
+
+ warden.session(resource_class.name.underscore)[TwoFactorAuthentication::NEED_AUTHENTICATION] = true
+ end
+
 def password_update_flash_message
 resource_class == AdminUser ? :updated_2FA : :updated
 end
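Review bot: In `set_2fa_required` (second hunk) the Warden scope is rebuilt as `resource_class.name.underscore`, a String that matches the scope only by naming convention, while the removed line used the symbol `:admin_user` and the `sign_in(resource_name, resource)` call just above the new call site already holds the scope the user was signed in under. If the derived name ever differs from that scope (a namespaced model or a custom Devise mapping, presumably), the `NEED_AUTHENTICATION` flag would be written to a different session bucket or the lookup would raise, and an admin who resets a password would be signed in without the second factor being requested. I would use the same value as `sign_in`: `warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = true`. The method also deserves a one-line comment, for example `# Password reset signs the user in directly, so the 2FA-pending flag has to be set here.`, and a controller spec asserting the flag is present in the session after an AdminUser reset would pin the behaviour; the surrounding action and class begin outside both hunks, so this is based only on the lines shown.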