diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 325225ae2..1450a9d8d 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -1,6 +1,6 @@
 
 from flask import (
-    render_template, redirect, jsonify, session, url_for)
+    render_template, redirect, session, url_for)
 
 from flask_login import login_user
 
@@ -33,7 +33,7 @@ def two_factor():
             login_user(user, remember=form.remember_me.data if form.remember_me.data else False)
         finally:
             del session['user_details']
-        if (len(services) == 1):
+        if len(services) == 1:
             return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
         else:
             return redirect(url_for('main.choose_service'))
diff --git a/tests/app/main/views/test_new_password.py b/tests/app/main/views/test_new_password.py
index 84106354e..6ad5ef075 100644
--- a/tests/app/main/views/test_new_password.py
+++ b/tests/app/main/views/test_new_password.py
@@ -3,7 +3,6 @@ from datetime import datetime
 
 from flask import url_for
 from utils.url_safe_token import generate_token
-import pytest
 
 
 def test_should_render_new_password_template(app_,
diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py
index a89d8b03c..e2ce5fcc0 100644
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -1,7 +1,5 @@
 from flask import url_for
 
-from tests import create_test_user
-
 
 def test_should_render_two_factor_page(app_,
                                        api_user_active,
@@ -109,3 +107,30 @@ def test_remember_me_set(app_,
             response = client.post(url_for('main.two_factor'),
                                    data={'sms_code': '23456', 'remember_me': True})
             assert response.status_code == 302
+
+
+def test_two_factor_should_set_password_when_new_password_exists_in_session(app_,
+                                                                            api_user_active,
+                                                                            mock_get_user,
+                                                                            mock_check_verify_code,
+                                                                            mock_get_services_with_one_service,
+                                                                            mock_update_user):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                session['user_details'] = {
+                    'id': api_user_active.id,
+                    'email': api_user_active.email_address,
+                    'password': 'changedpassword'}
+
+            response = client.post(url_for('main.two_factor'),
+                                   data={'sms_code': '12345'})
+
+            assert response.status_code == 302
+            assert response.location == url_for(
+                'main.service_dashboard',
+                service_id="596364a0-858e-42c8-9062-a8fe822260eb",
+                _external=True
+            )
+            api_user_active.password = 'changedpassword'
+            mock_update_user.assert_called_once_with(api_user_active)