diff --git a/password_policy.module b/password_policy.module
index d47adf9..28c23e2 100644
--- a/password_policy.module
+++ b/password_policy.module
@@ -38,7 +38,14 @@ function password_policy_init() {
     // let users log out
     if (current_path() != 'user/logout') {
       drupal_set_message(t('Your password has expired. You must change your password to proceed on the site.'), 'error', FALSE);
-      drupal_goto($change_password_url, drupal_get_destination());
+
+      // We need to preserve the password reset token to hide the Current
+      // Password field on first login.
+      $destination = drupal_get_destination();
+      if (isset($_REQUEST['pass-reset-token'])) {
+        $destination['query']['pass-reset-token'] = $_REQUEST['pass-reset-token'];
+      }
+      drupal_goto($change_password_url, $destination);
     }
   }
 }