diff --git a/password_policy.admin.inc b/password_policy.admin.inc index 4f25be6..a29612a 100644 --- a/password_policy.admin.inc +++ b/password_policy.admin.inc @@ -376,6 +376,7 @@ function password_policy_password_change_settings() { '#title' => t('Force password change on first-time login'), '#default_value' => variable_get('password_policy_new_login_change', 0), ); + $roles = user_roles(TRUE); $form['password_policy_force_change_roles'] = array( '#type' => 'checkboxes', @@ -383,6 +384,15 @@ function password_policy_password_change_settings() { '#title' => t('Force users in the following roles to change their password'), '#description' => t('Users who are not signed in will be required to change their password immediately upon sign in. Users who are currently signed in will be required to change their password upon their next page click, but after changing their password will be redirected back to the page they were attempting to access.'), ); + + $form['password_policy_exclude_pages'] = array( + '#title' => t('Page Exclusion List'), + '#type' => 'textarea', + '#description' => t('The user will be able to access these pages without changing their password. This should always include the logout path.'), + '#default_value' => variable_get('password_policy_exclude_pages', 'logout'), + '#wysiwyg' => FALSE, + ); + $form['submit'] = array( '#type' => 'submit', '#value' => t('Submit'), @@ -397,6 +407,7 @@ function password_policy_password_change_settings_submit($form, &$form_state) { global $user; $selected_roles = array(); variable_set('password_policy_new_login_change', $form_state['values']['password_policy_new_login_change']); + variable_set('password_policy_exclude_pages', $form_state['values']['password_policy_exclude_pages']); if ($form_state['values']['password_policy_new_login_change'] == 1) { watchdog('password policy', t('New user accounts must change password on new login enabled by !admin', array('!admin' => $user->name)), array(), WATCHDOG_NOTICE); } 
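Review bot: The `#description` of the new `password_policy_exclude_pages` textarea does not say how entries are interpreted, although the module hunk passes the value to `drupal_match_path()`, which expects one path per line and treats `*` as a wildcard. Every path listed is reachable without the forced password change, so a broad pattern quietly weakens the policy; the help text should say so, for example `Enter one path per line. The '*' character is a wildcard. Listed pages bypass the forced password change, so keep the list as narrow as possible.` Nothing in this hunk validates the value either, so an `#element_validate` callback that rejects a bare `*` would be a reasonable follow-up. The form builder starts and ends outside the hunk.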
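Review bot: The added `variable_set('password_policy_exclude_pages', ...)` changes which pages escape the forced password change but leaves no audit trail, while the lines right after it record the first-login setting through `watchdog()`. Since this list relaxes a security control, a change to it should be logged as well, e.g. `watchdog('password policy', 'Password change page exclusion list updated by @admin', array('@admin' => $user->name), WATCHDOG_NOTICE);`, ideally only when the submitted value differs from the stored one. The submit handler continues past the end of the hunk.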
diff --git a/password_policy.module b/password_policy.module
index 449a24f..385cd41 100644
--- a/password_policy.module
+++ b/password_policy.module
@@ -34,7 +34,15 @@ function password_policy_init() {
 $change_password_url = 'user/'. $account->uid .'/edit'. (module_exists('password_policy_password_tab') ? '/password' : '');
 if ($account->force_password_change && $_GET['q'] != $change_password_url) {
 // let users log out
- if (arg(0) != 'logout') {
+ $path = drupal_get_path_alias($_GET['q']);
+ // Compare with the internal and path alias (if any).
+ $pages = variable_get('password_policy_exclude_pages', 'logout');
+ $page_match = drupal_match_path($path, $pages);
+ if ($path != $_GET['q']) {
+ $page_match = $page_match || drupal_match_path($_GET['q'], $pages);
+ }
+
+ if (!$page_match) {
 drupal_set_message(t('Your password has expired. You must change your password to proceed on the site.'), 'error', FALSE);
 drupal_goto($change_password_url, drupal_get_destination());
 }
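Review bot: With this change the logout exemption exists only as the default value of `password_policy_exclude_pages`, so once an administrator saves the list without `logout` (or empties it), a user flagged with `force_password_change` is redirected away from logout and cannot end the session without first changing the password. Keeping logout exempt in code avoids relying on configuration for that: `$page_match = arg(0) == 'logout' || drupal_match_path($path, $pages);`. The `// let users log out` comment above the new lines is now stale and should describe the exclusion list, e.g. `// Skip enforcement on logout and on administrator-excluded paths.` The body of password_policy_init() starts and ends outside the hunk.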