diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
index b17efbc8..dce3e443 100644
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@@ -123,8 +123,11 @@ namespace Oqtane.Controllers
 filtered.UserId = user.UserId;
 filtered.Username = user.Username;
 filtered.DisplayName = user.DisplayName;
+
+ // restricted properties
 filtered.Password = "";
 filtered.TwoFactorCode = "";
+ filtered.SecurityStamp = "";
 
 // include private properties if authenticated user is accessing their own user account os is an administrator
 if (_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin) || _userPermissions.GetUser(User).UserId == user.UserId)
diff --git a/Oqtane.Server/Managers/UserManager.cs b/Oqtane.Server/Managers/UserManager.cs
index 6de9c9d3..6772eb2d 100644
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@@ -64,6 +64,7 @@ namespace Oqtane.Managers
 {
 user.SiteId = siteid;
 user.Roles = GetUserRoles(user.UserId, user.SiteId);
+ user.SecurityStamp = _identityUserManager.FindByNameAsync(user.Username).GetAwaiter().GetResult()?.SecurityStamp;
 user.Settings = _settings.GetSettings(EntityNames.User, user.UserId)
 .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
 }
diff --git a/Oqtane.Shared/Models/User.cs b/Oqtane.Shared/Models/User.cs
index aca9dd9d..d5009fb5 100644
--- a/Oqtane.Shared/Models/User.cs
+++ b/Oqtane.Shared/Models/User.cs
@@ -59,6 +59,12 @@ namespace Oqtane.Models
 ///
 public DateTime? TwoFactorExpiry { get; set; }
 
+ ///
+ /// A token indicating if a user's security properties have been modified
+ ///
+ [NotMapped]
+ public string SecurityStamp { get; set; }
+
 ///
 /// Reference to the this user belongs to.
 ///
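Review bot: The new `filtered.SecurityStamp = "";` clears the stamp for the public view, but the hunk ends at the condition that copies private properties back for the account owner or an administrator, so it is not visible whether SecurityStamp is re-exposed in that branch; the enclosing method starts and ends outside the hunk. The ASP.NET Identity security stamp is an opaque server-side value that is regenerated when credentials change and that existing sessions are validated against, so it should only be copied in the private branch if a client feature actually reads it. If it is copied there, record the reason next to that line, e.g. `// SecurityStamp is returned to the owner/admin only because the client compares it (CONSUMER: fill in); drop it if nothing reads it`.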
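Review bot: The added `user.SecurityStamp = _identityUserManager.FindByNameAsync(user.Username).GetAwaiter().GetResult()?.SecurityStamp;` blocks synchronously on an async identity lookup inside what appears to be a synchronous GetUser path (the enclosing method starts outside the hunk), adding a second database round trip per call plus the usual thread-pool and sync-context blocking risk. If an earlier line of the enclosing method already resolves the identity user for this username, reuse that object; otherwise consider making the method async, or at least state that the blocking call is deliberate with `// sync-over-async: identity lookup is needed here because GetUser is synchronous`. Note also that when no identity user is found the stamp is left null, whereas the controller uses the empty string for restricted views, so any consumer comparing stamps must treat null and "" alike, or this line should normalise with `?.SecurityStamp ?? "";` if downstream code expects a non-null string.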
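Review bot: The summary on the new SecurityStamp property, `A token indicating if a user's security properties have been modified`, reads as a boolean flag, whereas the value is ASP.NET Identity's security stamp: an opaque string regenerated whenever the user's credentials or security settings change, which is compared rather than inspected. Suggest rewording it to `/// Opaque value (the ASP.NET Identity security stamp) that changes whenever the user's password or other security properties change; compare it to detect such a change. Not persisted with this model.`. The doc comment is also the only place callers learn that the property may be null or empty (the manager leaves it null when no identity user is found, and the controller blanks it in the public view), so adding `/// Null or empty when not available to the caller.` would help.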
@@ -66,8 +72,7 @@ namespace Oqtane.Models
 public int SiteId { get; set; }
 
 ///
- /// Role names this user has.
- /// TODO: todoc - is this comma separated?
+ /// Semi-colon delimited list of role names for the user
 ///
 [NotMapped]
 public string Roles { get; set; }