diff --git a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
index eca2501a63..d002cc2111 100644
--- a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
+++ b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
@@ -68,11 +68,13 @@ public class SecuritySettings
     /// <summary>
     ///     Gets or sets a value for the user password settings.
     /// </summary>
+    [Obsolete("This no longer works. You can now inject this by using IOptions<UserPasswordConfigurationSettings> instead, scheduled for removal in v13")]
     public UserPasswordConfigurationSettings? UserPassword { get; set; }
 
     /// <summary>
     ///     Gets or sets a value for the member password settings.
     /// </summary>
+    [Obsolete("This no longer works. You can now inject this by using IOptions<MemberPasswordConfigurationSettings> instead, scheduled for removal in v13")]
     public MemberPasswordConfigurationSettings? MemberPassword { get; set; }
 
     /// <summary>
diff --git a/src/Umbraco.Infrastructure/Security/IdentityMapDefinition.cs b/src/Umbraco.Infrastructure/Security/IdentityMapDefinition.cs
index 9c3b85af53..cf6f08c65b 100644
--- a/src/Umbraco.Infrastructure/Security/IdentityMapDefinition.cs
+++ b/src/Umbraco.Infrastructure/Security/IdentityMapDefinition.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Umbraco.
 // See LICENSE for more details.
 
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 using Umbraco.Cms.Core.Cache;
 using Umbraco.Cms.Core.Configuration.Models;
@@ -8,6 +9,7 @@ using Umbraco.Cms.Core.Mapping;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Web.Common.DependencyInjection;
 using Umbraco.Extensions;
 
 namespace Umbraco.Cms.Core.Security;
@@ -18,17 +20,35 @@ public class IdentityMapDefinition : IMapDefinition
     private readonly IEntityService _entityService;
     private readonly GlobalSettings _globalSettings;
     private readonly ILocalizedTextService _textService;
+    private readonly ITwoFactorLoginService _twoFactorLoginService;
 
     public IdentityMapDefinition(
         ILocalizedTextService textService,
         IEntityService entityService,
         IOptions<GlobalSettings> globalSettings,
-        AppCaches appCaches)
+        AppCaches appCaches,
+        ITwoFactorLoginService twoFactorLoginService)
     {
         _textService = textService;
         _entityService = entityService;
         _globalSettings = globalSettings.Value;
         _appCaches = appCaches;
+        _twoFactorLoginService = twoFactorLoginService;
+    }
+
+    [Obsolete("Use constructor that also takes an ITwoFactorLoginService. Scheduled for removal in V12")]
+    public IdentityMapDefinition(
+        ILocalizedTextService textService,
+        IEntityService entityService,
+        IOptions<GlobalSettings> globalSettings,
+        AppCaches appCaches)
+        : this(
+              textService,
+              entityService,
+              globalSettings,
+              appCaches,
+              StaticServiceProvider.Instance.GetRequiredService<ITwoFactorLoginService>())
+    {
     }
 
     public void DefineMaps(IUmbracoMapper mapper)
@@ -90,7 +110,7 @@ public class IdentityMapDefinition : IMapDefinition
         target.LockoutEnd = source.IsLockedOut ? DateTime.MaxValue.ToUniversalTime() : (DateTime?)null;
     }
 
-    // Umbraco.Code.MapAll -Id -LockoutEnabled -PhoneNumber -PhoneNumberConfirmed -TwoFactorEnabled -ConcurrencyStamp -NormalizedEmail -NormalizedUserName -Roles
+    // Umbraco.Code.MapAll -Id -LockoutEnabled -PhoneNumber -PhoneNumberConfirmed -ConcurrencyStamp -NormalizedEmail -NormalizedUserName -Roles
     private void Map(IMember source, MemberIdentityUser target)
     {
         target.Email = source.Email;
@@ -112,6 +132,7 @@ public class IdentityMapDefinition : IMapDefinition
         target.CreatedDateUtc = source.CreateDate.ToUniversalTime();
         target.Key = source.Key;
         target.MemberTypeAlias = source.ContentTypeAlias;
+        target.TwoFactorEnabled = _twoFactorLoginService.IsTwoFactorEnabledAsync(source.Key).GetAwaiter().GetResult();
 
         // NB: same comments re AutoMapper as per BackOfficeUser
     }
diff --git a/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberManagerTests.cs b/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberManagerTests.cs
index 0026240e8b..f745c06ceb 100644
--- a/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberManagerTests.cs
+++ b/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberManagerTests.cs
@@ -1,7 +1,3 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Logging;
@@ -46,7 +42,8 @@ public class MemberManagerTests
                 Mock.Of<ILocalizedTextService>(),
                 Mock.Of<IEntityService>(),
                 new TestOptionsSnapshot<GlobalSettings>(new GlobalSettings()),
-                AppCaches.Disabled),
+                AppCaches.Disabled,
+                Mock.Of<ITwoFactorLoginService>())
         };
 
         _fakeMemberStore = new MemberUserStore(