diff --git a/changelog/23894.txt b/changelog/23894.txt
new file mode 100644
index 000000000..a94e1428e
--- /dev/null
+++ b/changelog/23894.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Skip unnecessary deriving of policies during Login MFA Check.
+```
\ No newline at end of file
diff --git a/vault/request_handling.go b/vault/request_handling.go
index 76b3837a5..0c34ad8b3 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -1659,7 +1659,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
 		source := c.router.MatchingMount(ctx, req.Path)
 
 		// Login MFA
-		entity, _, err := c.fetchEntityAndDerivedPolicies(ctx, ns, auth.EntityID, false)
+		entity, _, err := c.fetchEntityAndDerivedPolicies(ctx, ns, auth.EntityID, true)
 		if err != nil {
 			return nil, nil, ErrInternalError
 		}