diff --git a/auth.c b/auth.c
index 292f4ce..5ef304f 100644
--- a/auth.c
+++ b/auth.c
@@ -474,9 +474,9 @@ static int process_auth_form(struct openconnect_info *vpninfo,
 	UI *ui = UI_new();
 	char banner_buf[1024], msg_buf[1024], err_buf[1024];
 	char username[80], password[80], tpin[80], *passresult = password;
-	char choice_prompt[1024], choice_resp[80];
+	char choice_prompt[1024], choice_resp[80], two_password[80];
 	int ret = 0, is_securid = 0;
-	struct oc_form_opt *opt, *pass_opt = NULL, *user_opt = NULL;
+	struct oc_form_opt *opt, *pass_opt = NULL, *user_opt = NULL, *two_pass_opt = NULL;;
 	struct oc_form_opt_select *select_opt = NULL;
 
 	username[0] = 0;
@@ -528,8 +528,8 @@ static int process_auth_form(struct openconnect_info *vpninfo,
 					ret = -ENOMEM;
 					goto out_ui;
 				}
-			} else
-				pass_opt = opt;
+			} else 
+			  if (pass_opt) two_pass_opt=opt; else pass_opt = opt;
 		} else if (opt->type == OC_FORM_OPT_SELECT) {
 			struct oc_choice *choice = NULL;
 			int i;
@@ -616,6 +616,8 @@ static int process_auth_form(struct openconnect_info *vpninfo,
 	} else if (pass_opt) {
 		/* No echo */
 		UI_add_input_string(ui, pass_opt->label, 0, password, 1, 80);
+		if (two_pass_opt)
+		  UI_add_input_string(ui, two_pass_opt->label, 0, two_password, 1, 80);
 	}
 
 	switch (UI_process(ui)) {
@@ -678,8 +680,13 @@ static int process_auth_form(struct openconnect_info *vpninfo,
 
 	if (pass_opt) {
 		pass_opt->value = strdup(passresult);
-		if (!pass_opt)
+		if (!pass_opt->value)
 			return -ENOMEM;
+		if (pass_opt) {
+		  two_pass_opt->value = strdup(two_password);
+		  if (!two_pass_opt->value)
+		    return -ENOMEM;
+		}
 	}
 
 	if (vpninfo->password) {