diff --git a/app/main/dao/users_dao.py b/app/main/dao/users_dao.py
index cf57aa753..93f84fba8 100644
--- a/app/main/dao/users_dao.py
+++ b/app/main/dao/users_dao.py
@@ -52,10 +52,9 @@ def is_email_unique(email_address):
 return True
-def request_password_reset(email):
- user = get_user_by_email(email)
+def request_password_reset(user):
 user.state = 'request_password_reset'
- # TODO update user
+ user_api_client.update_user(user)
 def send_verify_code(user_id, code_type, to=None):
diff --git a/app/main/forms.py b/app/main/forms.py
index 0647bd80a..e7136b43c 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -221,8 +221,17 @@ class TemplateForm(Form):
 class ForgotPasswordForm(Form):
+
+ def __init__(self, user_email_exists_func, *args, **kwargs):
+ self._user_email_exists_func = user_email_exists_func
+ super(ForgotPasswordForm, self).__init__(*args, **kwargs)
+
 email_address = email_address()
+ def validate_email_address(self, field):
+ if not self._user_email_exists_func(field.data):
+ raise ValidationError('The email is not registered on our system')
+
 class NewPasswordForm(Form):
 new_password = password()
diff --git a/app/main/views/forgot_password.py b/app/main/views/forgot_password.py
index 21d7d8f1c..64629c28b 100644
--- a/app/main/views/forgot_password.py
+++ b/app/main/views/forgot_password.py
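Review bot: In app/main/dao/users_dao.py, `request_password_reset` now dereferences its argument without checking it, so `user.state = 'request_password_reset'` raises AttributeError if a caller passes None. The only caller in this commit, `forgot_password()`, passes the result of `get_user_by_email` straight in, and the removed view code tested that result for truthiness, which suggests the lookup can come back empty. A guard at the top such as `if user is None: raise ValueError('user is required')`, or an explicit check in the view before the call, would make that case fail in a controlled way. Because the parameter changed from an email string to a user object, a one-line docstring saying that the function expects a loaded user and persists the state change through `user_api_client.update_user` would help callers.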
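Review bot: In `ForgotPasswordForm.validate_email_address` (app/main/forms.py), the message 'The email is not registered on our system' tells anyone who submits the form whether a given address has an account, so the forgot-password page can be used to enumerate registered users. The usual mitigation is to keep only format validation on the field and have the `forgot_password` view render `views/password-reset-sent.html` for every well-formed address, sending mail only when a user is found and recording the miss server-side as the removed `current_app.logger.info` line did. If the existence check has to stay for usability, the endpoint should at least be rate limited; nothing on this page shows that it is.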
@@ -7,13 +7,15 @@ from app.notify_client.sender import send_change_password_email
 @main.route('/forgot-password', methods=['GET', 'POST'])
 def forgot_password():
- form = ForgotPasswordForm()
+
+ def _email_exists(email):
+ return not users_dao.is_email_unique(email)
+
+ form = ForgotPasswordForm(_email_exists)
 if form.validate_on_submit():
- if users_dao.get_user_by_email(form.email_address.data):
- users_dao.request_password_reset(form.email_address.data)
- send_change_password_email(form.email_address.data)
- return render_template('views/password-reset-sent.html')
- else:
- current_app.logger.info('The email address used does not exist.')
- else:
- return render_template('views/forgot-password.html', form=form)
+ user = users_dao.get_user_by_email(form.email_address.data)
+ users_dao.request_password_reset(user)
+ send_change_password_email(form.email_address.data)
+ return render_template('views/password-reset-sent.html')
+
+ return render_template('views/forgot-password.html', form=form)
diff --git a/app/main/views/user_profile.py b/app/main/views/user_profile.py
index bcb138698..1d230ee6a 100644
--- a/app/main/views/user_profile.py
+++ b/app/main/views/user_profile.py
@@ -186,7 +186,7 @@ def user_profile_password():
 # Validate password for form
 def _check_password(pwd):
- return verify_password(current_user, pwd)
+ return verify_password(current_user.id, pwd)
 form = ChangePasswordForm(_check_password)
 if form.validate_on_submit():
diff --git a/tests/app/main/views/test_user_profile.py b/tests/app/main/views/test_user_profile.py
index df73d9bdf..58ce2bbed 100644
--- a/tests/app/main/views/test_user_profile.py
+++ b/tests/app/main/views/test_user_profile.py
@@ -203,7 +203,8 @@ def test_should_redirect_after_mobile_number_authenticate(app_,
 api_user_active,
 mock_login,
 mock_get_user,
- mock_verify_password):
+ mock_verify_password,
+ mock_send_verify_code):
 with app_.test_request_context():
 with app_.test_client() as client:
 client.login(api_user_active)
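Review bot: In `forgot_password()` (app/main/views/forgot_password.py) the reset mail is sent to `form.email_address.data`, the string the requester typed, rather than to the address stored on the `user` object that was just looked up. If the lookup normalises or compares addresses loosely (case, Unicode, surrounding whitespace; not visible in this hunk), the typed value and the stored value can differ, and a reset message should only ever go to the address on record. Passing the stored address taken from `user` to `send_change_password_email` closes that gap and removes the second use of the raw form value.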