diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
index 71b69eab4..b0f7569a9 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
@@ -106,7 +106,10 @@ class Local extends Base implements IAuthConnector
     }
 
     /**
-     * check if the user should change his or hers password, calculated by the time difference of the last pwd change
+     * check if the user should change his or hers password,
+     * calculated by the time difference of the last pwd change
+     * and other criteria through checkPolicy() if password was
+     * given
      * @param string $username username to check
      */
     public function shouldChangePassword($username, $password = null)
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
index eaac0b6a0..955333a1e 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
@@ -173,6 +173,16 @@ trait TOTP
         return false;
     }
 
+    /**
+     * check if the user should change his or hers password
+     * @param string $username username to check
+     */
+    public function shouldChangePassword($username, $password = null)
+    {
+        /* XXX deconstruct password and pass it */
+        return parent::shouldChangePassword($username);
+    }
+
     /**
      * set TOTP specific connector properties
      * @param array $config connection properties