diff --git a/demo-site/views/index.erb b/demo-site/views/index.erb
index 35d18465..cfd31a9b 100644
--- a/demo-site/views/index.erb
+++ b/demo-site/views/index.erb
@@ -16,7 +16,7 @@ <% if rodauth.logged_in_via_remember_key? %>
  • Confirm Password
  • <% end %>
- <% if rodauth.uses_two_factor_authentication? && !rodauth.two_factor_authenticated? %>
+ <% if rodauth.two_factor_authentication_pending? %>
  • Authenticate Using Additional Factor
  • <% else %>
  • Manage Multifactor Authentication
  •
diff --git a/lib/rodauth/features/two_factor_base.rb b/lib/rodauth/features/two_factor_base.rb
index 250845fb..f8f53cbd 100644
--- a/lib/rodauth/features/two_factor_base.rb
+++ b/lib/rodauth/features/two_factor_base.rb
@@ -124,23 +124,12 @@ def two_factor_modifications_require_password?
 end
 def authenticated?
- # False if not authenticated via single factor
- return false unless super
-
- # True if already authenticated via 2nd factor
- return true if two_factor_authenticated?
-
- # True if authenticated via single factor and 2nd factor not setup
- !uses_two_factor_authentication?
+ super && !two_factor_authentication_pending?
 end
 def require_authentication
 super
-
- # Avoid database query if already authenticated via 2nd factor
- return if two_factor_authenticated?
-
- require_two_factor_authenticated if uses_two_factor_authentication?
+ require_two_factor_authenticated if two_factor_authentication_pending?
 end
 def require_two_factor_setup
@@ -188,6 +177,10 @@ def two_factor_password_match?(password)
 end
 end
+ def two_factor_authentication_pending?
+ !two_factor_authenticated? && uses_two_factor_authentication?
+ end
+
 def two_factor_authenticated?
 authenticated_by && authenticated_by.length >= 2
 end
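Review bot: The one-line `authenticated?` no longer states what it guarantees, and the three removed comments were the only written form of that rule. Because this predicate gates access, I would keep one comment above the expression, for example `# Authenticated only if the first factor passed and no second factor is still outstanding`. In `require_authentication` a matching line such as `# Accounts with a second factor set up must complete it before continuing` would serve the same purpose. The new expressions read as equivalent to the removed branches, so this is a documentation point only.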
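Review bot: `two_factor_authentication_pending?` does not itself check that a first factor has been presented, so its answer is only meaningful where the caller has already established a login. `authenticated?` guards it with `super &&` and `require_authentication` calls `super` first, but the template in demo-site/views/index.erb calls it directly, and the condition enclosing that call is outside the hunk. Consider making the precondition part of the predicate, `logged_in? && !two_factor_authenticated? && uses_two_factor_authentication?`, or state it in a comment on the method. The operand order also matters: a line such as `# Check the session first; uses_two_factor_authentication? may query the database` would carry over the intent of the removed "Avoid database query" comment.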