diff --git a/docker/ss-atlas/templates/pages/dashboard.html b/docker/ss-atlas/templates/pages/dashboard.html
index e6ed1c1..4a42827 100644
--- a/docker/ss-atlas/templates/pages/dashboard.html
+++ b/docker/ss-atlas/templates/pages/dashboard.html
@@ -245,9 +245,8 @@
         best way to ensure your account is never compromised and used without your knowledge.
       </div>
       <div class="actions">
-        <a href="{{.AutheliaURL}}/#/settings" class="btn btn-outline btn-sm">Set Up Passkey</a>
-        <a href="{{.AutheliaURL}}/#/settings" class="btn btn-outline btn-sm">Set Up TOTP App</a>
-        <a href="{{.AutheliaURL}}/#/settings" class="btn btn-outline btn-sm">Change Password</a>
+        <a href="{{.AutheliaURL}}/settings/two-factor-authentication" class="btn btn-outline btn-sm">Set Up Passkey / TOTP</a>
+        <a href="{{.AutheliaURL}}/settings/security" class="btn btn-outline btn-sm">Change Password</a>
       </div>
     </div>
     {{else}}
diff --git a/stack.yml b/stack.yml
index 5a5d7e6..835794b 100644
--- a/stack.yml
+++ b/stack.yml
@@ -77,7 +77,7 @@ services:
         echo "$${CLIENT_SECRET_HEADADMIN}" > /run/secrets/CLIENT_SECRET_HEADADMIN
         echo "$${CLIENT_SECRET_PORTAINER}" > /run/secrets/CLIENT_SECRET_PORTAINER
         echo "$${CLIENT_SECRET_GITEA}" > /run/secrets/CLIENT_SECRET_GITEA
-        { echo 'access_control:'; echo '  default_policy: deny'; echo '  rules:'; echo '    - domain: login.bc.a250.ca'; echo '      policy: bypass'; echo '    - domain: app.bc.a250.ca'; echo '      policy: bypass'; echo '      resources:'; echo "        - '^/$$'"; echo "        - '^/subscribe$$'"; echo "        - '^/success(\\?.*)?$$'"; echo "        - '^/webhook/stripe$$'"; echo "        - '^/resend-reset$$'"; echo "        - '^/health$$'"; echo "        - '^/version$$'"; echo '    - domain: app.bc.a250.ca'; echo '      policy: one_factor'; echo '      resources:'; echo "        - '^/dashboard$$'"; echo "        - '^/activate$$'"; echo "        - '^/portal$$'"; echo "        - '^/resubscribe$$'"; echo "        - '^/stack-manage$$'"; echo '    - domain:'; echo '        - lldap.bc.a250.ca'; echo '        - whoami.bc.a250.ca'; echo '      policy: bypass'; echo '    - domain: "{user}.bc.a250.ca"'; echo '      policy: one_factor'; echo '    - domain: "*.bc.a250.ca"'; echo '      policy: deny'; } > /config/configuration.acl.yml
+        { echo 'access_control:'; echo '  default_policy: deny'; echo '  rules:'; echo '    - domain: login.bc.a250.ca'; echo '      policy: bypass'; echo '    - domain: app.bc.a250.ca'; echo '      policy: bypass'; echo '      resources:'; echo "        - '^/$$'"; echo "        - '^/subscribe$$'"; echo "        - '^/success(\\?.*)?$$'"; echo "        - '^/webhook/stripe$$'"; echo "        - '^/resend-reset$$'"; echo "        - '^/health$$'"; echo "        - '^/version$$'"; echo '    - domain: app.bc.a250.ca'; echo '      policy: one_factor'; echo '      resources:'; echo "        - '^/dashboard$$'"; echo "        - '^/activate$$'"; echo "        - '^/portal$$'"; echo "        - '^/resubscribe$$'"; echo "        - '^/stack-manage$$'"; echo '    - domain:'; echo '        - lldap.bc.a250.ca'; echo '        - whoami.bc.a250.ca'; echo '      policy: bypass'; echo '    - domain: "{user}.bc.a250.ca"'; echo '      policy: two_factor'; echo '    - domain: "*.bc.a250.ca"'; echo '      policy: deny'; } > /config/configuration.acl.yml
         exec authelia --config=/config/configuration.server.yml --config=/config/configuration.ldap.yml --config=/config/configuration.acl.yml --config=/config/configuration.notifier.yml --config=/config/configuration.identity.providers.yml --config=/config/configuration.oidc.clients.yml
     environment:
       X_AUTHELIA_EMAIL: authelia@a250.ca