diff --git a/src/Security/MemberAuthenticator/ChangePasswordHandler.php b/src/Security/MemberAuthenticator/ChangePasswordHandler.php
index 18bcabc00..a5087a368 100644
--- a/src/Security/MemberAuthenticator/ChangePasswordHandler.php
+++ b/src/Security/MemberAuthenticator/ChangePasswordHandler.php
@@ -3,12 +3,15 @@
 namespace SilverStripe\Security\MemberAuthenticator;
+use Psr\Container\NotFoundExceptionInterface;
 use SilverStripe\Control\Controller;
 use SilverStripe\Control\HTTPResponse;
 use SilverStripe\Control\RequestHandler;
+use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Injector\Injector;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\FieldType\DBField;
+use SilverStripe\ORM\ValidationException;
 use SilverStripe\Security\Authenticator;
 use SilverStripe\Security\IdentityStore;
 use SilverStripe\Security\Member;
@@ -195,6 +198,8 @@ class ChangePasswordHandler extends RequestHandler
 * @param array $data The user submitted data
 * @param ChangePasswordForm $form
 * @return HTTPResponse
+ * @throws ValidationException
+ * @throws NotFoundExceptionInterface
 */
 public function doChangePassword(array $data, $form)
 {
@@ -272,13 +277,12 @@ class ChangePasswordHandler extends RequestHandler
 $member->AutoLoginExpired = DBDatetime::create()->now();
 $member->write();
- if ($member->canLogIn()) {
+ if ($member->canLogin()) {
 /** @var IdentityStore $identityStore */
 $identityStore = Injector::inst()->get(IdentityStore::class);
 $identityStore->logIn($member, false, $this->getRequest());
 }
- // TODO Add confirmation message to login redirect
 $session->clear('AutoLoginHash');
 // Redirect to backurl
@@ -290,6 +294,10 @@ class ChangePasswordHandler extends RequestHandler
 return $this->redirect($backURL);
 }
+ $backURL = Security::config()->get('default_reset_password_dest');
+ if ($backURL) {
+ return $this->redirect($backURL);
+ }
 // Redirect to default location - the login form saying "You are logged in as..."
 $url = Security::singleton()->Link('login');
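Review bot: The added `use SilverStripe\Core\Config\Config;` in the import hunk does not appear to be used: the new redirect code in the last hunk of this file reads the setting through `Security::config()`, and none of the visible hunks reference `Config` directly. Unless code outside these hunks needs it, drop that line. `ValidationException` and `NotFoundExceptionInterface` are referenced only from the new `@throws` tags, which is fine.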
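Review bot: The new `default_reset_password_dest` redirect in the last hunk runs whether or not the `canLogin()` branch in the previous hunk logged the member in, so a member who changed their password but cannot log in is sent to the configured page rather than the login form. If that page requires authentication, the likely result is a second redirect; gating the branch on a logged-in user, for example `if ($backURL && Security::getCurrentUser()) {`, would keep the old fallback for that case. Reusing `$backURL` for the config value also blurs the line between a request-supplied URL, which must be validated, and an operator-configured one; a separate name such as `$resetDest` with the comment `// Operator-configured destination; never populate from request data` keeps that trust boundary visible. doChangePassword starts and ends outside this hunk, so how the earlier `$backURL` is validated cannot be confirmed from here.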
diff --git a/src/Security/Security.php b/src/Security/Security.php
index d61626971..7cb1ced5c 100644
--- a/src/Security/Security.php
+++ b/src/Security/Security.php
@@ -1266,6 +1266,14 @@ class Security extends Controller implements TemplateGlobalProvider
 */
 private static $default_login_dest = "";
+ /**
+ * @config
+ * @var string Set the default reset password destination
+ * This is the URL that users will be redirected to after they change their password,
+ * By default, it's redirecting to {@link $login}.
+ */
+ private static $default_reset_password_dest;
+
 protected static $ignore_disallowed_actions = false;
 /**
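Review bot: The docblock for `$default_reset_password_dest` says the default redirects to `{@link $login}`, but no `$login` property is visible here and the handler's fallback is `Security::singleton()->Link('login')`, so the link target looks wrong. The comment should also state that the value is passed unchanged to `redirect()` and must therefore come only from trusted configuration, for example `@var string URL users are sent to after changing their password; used as-is in a redirect, so set it only from trusted config. When empty, the login form is shown.` For parity with `$default_login_dest = "";` just above, consider declaring it as `private static $default_reset_password_dest = "";`. The sentence ending in "their password," should end with a full stop.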