diff -u b/src/EventSubscriber/ForceTfaSetup.php b/src/EventSubscriber/ForceTfaSetup.php
--- b/src/EventSubscriber/ForceTfaSetup.php
+++ b/src/EventSubscriber/ForceTfaSetup.php
@@ -112,7 +112,11 @@
       return;
     }
 
-    if ($is_tfa_setup_last_chance && $this->routeMatch->getRouteName() === 'user.logout') {
+    // Don't redirect the user if on password/profile edit page,
+    // as it is possible the user used one-time login URL
+    // and need to change the password.
+    $ignored_route_names = ['user.logout', 'user.pass', 'entity.user.edit_form'];
+    if ($is_tfa_setup_last_chance && in_array($this->routeMatch->getRouteName(), $ignored_route_names)) {
       return;
     }