At this time the reset password flow through universal login does not support the flow you mention; in other words, MFA won’t be prompted as part of that flow. If you haven’t done so already I would suggest you to leave your feedback (use case) through Auth0: Secure access for everyone. But not just anyone.. I know this is already being tracked in product backlog, but I don’t believe to be something on the immediate plans so the more feedback received the better product team can gauge demand and requirements.