diff --git a/app/src/main/java/sh/sar/basedbank/LockActivity.kt b/app/src/main/java/sh/sar/basedbank/LockActivity.kt
index dc6355f..98127d2 100644
--- a/app/src/main/java/sh/sar/basedbank/LockActivity.kt
+++ b/app/src/main/java/sh/sar/basedbank/LockActivity.kt
@@ -264,6 +264,13 @@ class LockActivity : AppCompatActivity() {
         if (intent.getBooleanExtra(EXTRA_RESUME, false)) {
             finish()
         } else {
+            val store = CredentialStore(this)
+            val hasCredentials = store.hasMibCredentials() || store.hasBmlCredentials() || store.hasFahipayCredentials()
+            if (!hasCredentials) {
+                startActivity(Intent(this, sh.sar.basedbank.ui.login.LoginActivity::class.java))
+                finish()
+                return
+            }
             val navDest = intent.getIntExtra("nav_destination", -1)
             val autoScan = intent.getBooleanExtra("auto_scan", false)
             startActivity(Intent(this, HomeActivity::class.java).apply {
diff --git a/app/src/main/java/sh/sar/basedbank/ui/onboarding/OnboardingActivity.kt b/app/src/main/java/sh/sar/basedbank/ui/onboarding/OnboardingActivity.kt
index b7f9318..77254a5 100644
--- a/app/src/main/java/sh/sar/basedbank/ui/onboarding/OnboardingActivity.kt
+++ b/app/src/main/java/sh/sar/basedbank/ui/onboarding/OnboardingActivity.kt
@@ -109,6 +109,9 @@ class OnboardingActivity : AppCompatActivity(), SecuritySetupFragment.Callback {
 
         binding.btnGetStarted.setOnClickListener {
             prefs.edit().putBoolean("onboarding_done", true).apply()
+            // Mark as unlocked so LoginActivity doesn't redirect to LockActivity.
+            // The user just completed setup — they shouldn't have to re-authenticate immediately.
+            (application as BasedBankApp).isUnlocked = true
             startActivity(Intent(this, LoginActivity::class.java))
             finish()
         }