diff --git a/app/controllers/helpers/email.rb b/app/controllers/helpers/email.rb
new file mode 100644
index 000000000..9ff2c390f
--- /dev/null
+++ b/app/controllers/helpers/email.rb
@@ -0,0 +1,5 @@
+module Helpers::Email
+ def email_valid?(email)
+ email =~ URI::MailTo::EMAIL_REGEXP
+ end
+end
diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb
index da3b39158..6517b6581 100644
--- a/app/controllers/users/passwords_controller.rb
+++ b/app/controllers/users/passwords_controller.rb
@@ -1,8 +1,19 @@
 class Users::PasswordsController < Devise::PasswordsController
+ include Helpers::Email
+
 def reset_confirmation
+ self.resource = resource_class.new
 @email = params["email"]
- flash[:notice] = "Reset password instructions have been sent to #{@email}"
- render "devise/confirmations/reset"
+ if @email.empty?
+ resource.errors.add :email, "Enter an email address"
+ render "devise/passwords/new", status: :unprocessable_entity
+ elsif !email_valid?(@email)
+ resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
+ render "devise/passwords/new", status: :unprocessable_entity
+ else
+ flash[:notice] = "Reset password instructions have been sent to #{@email}"
+ render "devise/confirmations/reset"
+ end
 end
 def create
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index e3915e25f..f81f8fb05 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -1,4 +1,6 @@
 class Users::SessionsController < Devise::SessionsController
+ include Helpers::Email
+
 def create
 self.resource = resource_class.new
 if params.dig("user", "email").empty?
@@ -15,10 +17,4 @@ class Users::SessionsController < Devise::SessionsController
 super
 end
 end
-
-private
-
- def email_valid?(email)
- email =~ URI::MailTo::EMAIL_REGEXP
- end
 end
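Review bot: `email_valid?` becomes a public instance method of every controller that includes `Helpers::Email`, whereas the copy removed from `Users::SessionsController` later in this diff sat under `private`. Rails treats public controller methods as action methods, so only the route table keeps this predicate unreachable. A bare `private` line above `def email_valid?(email)` in the module restores the previous visibility for both the passwords and sessions controllers. A short comment such as `# Syntax check only; does not prove the mailbox exists.` would also document what the helper guarantees.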
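Review bot: `@email.empty?` in `reset_confirmation` raises NoMethodError when the request carries no `email` parameter, so that request ends in a 500 instead of the 422 the new branches intend. A parameter that arrives as an array or nested hash also reaches `email_valid?` as a non-String. Coercing once where the value is read, `@email = params["email"].to_s`, keeps both checks on a String and sends every malformed value down the "correct format" branch. `reset_confirmation` is fully visible in this hunk; `create` continues outside it.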
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
index 197c05574..1fd4e10ab 100644
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -8,8 +8,9 @@ <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
+ <%= f.govuk_error_summary %> +

Reset password

- <%= render "devise/shared/error_messages", resource: resource %>

Enter the email address you used to create your account.

We’ll email you a link to reset your password. This link will expire in 3 hours.

diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 3aff3f6ea..d8fd2d9ce 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -11,6 +11,7 @@

Change your password

<%= f.govuk_password_field :current_password,
+ label: { text: "Current password" },
 autocomplete: "current-password" %>
diff --git a/config/webpacker.yml b/config/webpacker.yml
index 21a4a0ada..0b2cfedde 100644
--- a/config/webpacker.yml
+++ b/config/webpacker.yml
@@ -16,7 +16,7 @@ default: &default
 cache_manifest: false
 # Extract and emit a css file
- extract_css: true
+ extract_css: false
 static_assets_extensions:
 - .jpg
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index 5954fd6b8..92996691b 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -29,6 +29,21 @@ RSpec.describe "User Features" do
 expect(page).to have_current_path("/users/password/new")
 end
+ it " is shown an error message if they submit without entering an email address" do
+ visit("/users/password/new")
+ click_button("Send email")
+ expect(page).to have_selector("#error-summary-title")
+ expect(page).to have_selector("#user-email-field-error")
+ end
+
+ it " is shown an error message if they submit an invalid email address" do
+ visit("/users/password/new")
+ fill_in("user[email]", with: "thisisn'tanemail")
+ click_button("Send email")
+ expect(page).to have_selector("#error-summary-title")
+ expect(page).to have_selector("#user-email-field-error")
+ end
+
 it " is redirected to check your email page after submitting an email on the reset password page" do
 visit("/users/password/new")
 fill_in("user[email]", with: user.email)
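Review bot: `extract_css: false` is set under `default: &default`, so every environment that does not override the key inherits it. The environment sections are outside this hunk, so whether production overrides it cannot be confirmed from here. With extraction off, styles are injected from JavaScript at runtime, which requires any Content-Security-Policy to allow inline styles and leaves pages unstyled until the script has run. If this is only wanted for development or test, the key belongs in those sections, and it would be easier to audit as a separate commit from the password-reset validation.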
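Review bot: Both new examples submit through the form, so the `user[email]` field is always sent and the case where the email parameter is absent is never exercised. A request-level example that calls the endpoint without that parameter and expects `:unprocessable_entity` rather than a server error would pin that path. The examples also assert only on the error selectors; adding `expect(ActionMailer::Base.deliveries).to be_empty` would confirm that a rejected address triggers no mail. The enclosing `RSpec.describe` block starts and ends outside this hunk.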