diff --git a/ruby/Gemfile b/ruby/Gemfile index 3dbcaa1ab..aea5f3a7e 100644 --- a/ruby/Gemfile +++ b/ruby/Gemfile @@ -25,7 +25,7 @@ gem 'rails-observers', '0.1.2' gem 'protected_attributes' # needed to support attr_accessible gem "activerecord-import", "~> 0.4.1" - +gem "auto_strip_attributes" gem 'uuidtools', '2.1.2' gem 'bcrypt-ruby', '3.0.1' diff --git a/ruby/Gemfile.lock b/ruby/Gemfile.lock index f171ce759..66fd5b3f0 100644 --- a/ruby/Gemfile.lock +++ b/ruby/Gemfile.lock @@ -66,6 +66,8 @@ GEM amq-protocol (>= 1.3.0) eventmachine arel (6.0.3) + auto_strip_attributes (2.0.6) + activerecord (>= 3.0) aws-sdk (1.66.0) aws-sdk-v1 (= 1.66.0) aws-sdk-v1 (1.66.0) @@ -445,6 +447,7 @@ DEPENDENCIES activerecord (> 4.2) activerecord-import (~> 0.4.1) amqp (= 1.0.2) + auto_strip_attributes aws-sdk (~> 1) bcrypt-ruby (= 3.0.1) builder diff --git a/ruby/lib/jam_ruby.rb b/ruby/lib/jam_ruby.rb index 83e6e3a1a..cc2662810 100755 --- a/ruby/lib/jam_ruby.rb +++ b/ruby/lib/jam_ruby.rb @@ -7,6 +7,7 @@ require "rails/observers/active_model" require "rails/observers/activerecord/active_record" require "carrierwave" require "carrierwave/orm/activerecord" +require "auto_strip_attributes" require "jampb" require "uuidtools" require "logging" diff --git a/ruby/lib/jam_ruby/models/user.rb b/ruby/lib/jam_ruby/models/user.rb index a9f0229d5..1d35b23fc 100644 --- a/ruby/lib/jam_ruby/models/user.rb +++ b/ruby/lib/jam_ruby/models/user.rb @@ -6,7 +6,9 @@ module JamRuby include Geokit::ActsAsMappable::Glue unless defined?(acts_as_mappable) include HtmlSanitize + #include ::AutoStripAttributes html_sanitize strict: [:first_name, :last_name, :city, :state, :country, :biography] + auto_strip_attributes :first_name, :last_name, :email #devise: for later: :trackable 
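Review bot: The new `gem "auto_strip_attributes"` line in ruby/Gemfile carries no version constraint, while web/Gemfile pins the same gem to `2.6.0` and the ruby lockfile resolves `2.0.6`, so the two components of this repo end up on different major versions of a gem that patches the ActiveRecord models web appears to consume (the controller hunk calls `User.set_password_from_token` and rescues `JamRuby::JamArgumentError`). Pin it on the ruby side as well, e.g. `gem "auto_strip_attributes", "2.6.0"`; its `activerecord (>= 4.0)` requirement shown in web/Gemfile.lock is already satisfied by the `activerecord (> 4.2)` dependency in ruby/Gemfile.lock. Then regenerate the lock so both lockfiles record the same release and a future `bundle update` cannot silently move only one of them.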
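Review bot: The commented-out `#include ::AutoStripAttributes` left above `html_sanitize` in user.rb is dead code; the gem is wired in through the `require "auto_strip_attributes"` in jam_ruby.rb and the `auto_strip_attributes :first_name, :last_name, :email` macro below it, so the line should be deleted rather than kept as a reminder. The macro line also deserves a comment, because as far as I recall the gem's default options strip surrounding whitespace and then nullify an empty result, so an all-whitespace `email`, `first_name` or `last_name` reaches validation as `nil` rather than `""` — verify that against the pinned version and against any presence validation or NOT NULL column these attributes have elsewhere in the class (the class definition starts outside this hunk). Suggested: `# strip surrounding whitespace before validation; blank values become nil (gem default) — confirm vs presence checks`.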
@@ -895,8 +897,23 @@ module JamRuby def self.set_password_from_token(email, token, new_password, new_password_confirmation) user = User.where("email ILIKE ?", email).first - if user.nil? || user.reset_password_token != token || Time.now - user.reset_password_token_created > 3.days || new_password.length < 6 || new_password != new_password_confirmation - raise JamRuby::JamArgumentError + if user.nil? + raise JamRuby::JamArgumentError.new("Email no longer exists", "email") + end + if user.reset_password_token != token + raise JamRuby::JamArgumentError.new("Invalid reset token", "token") + end + if Time.now - user.reset_password_token_created > 3.days + raise JamRuby::JamArgumentError.new("Password reset has expired", "token") + end + if new_password.nil? || new_password == "" + raise JamRuby::JamArgumentError.new("Password is empty", "password") + end + if new_password.length < 6 + raise JamRuby::JamArgumentError.new("Password is too short", "password") + end + if new_password != new_password_confirmation + raise JamRuby::JamArgumentError.new("Passwords do not match", "password_confirmation") end user.reset_password_token = nil user.reset_password_token_created = nil diff --git a/web/Gemfile b/web/Gemfile index 2516be355..b9c63cab7 100644 --- a/web/Gemfile +++ b/web/Gemfile @@ -19,6 +19,7 @@ else end gem 'rails', '> 4.2' gem 'railties', '> 4.2' +gem 'auto_strip_attributes', '2.6.0' gem 'protected_attributes' gem 'rails-observers' gem 'responders', '~> 2.0' diff --git a/web/Gemfile.lock b/web/Gemfile.lock index a6e193802..defb6ff29 100644 --- a/web/Gemfile.lock +++ b/web/Gemfile.lock @@ -77,6 +77,8 @@ GEM arr-pm (0.0.10) cabin (> 0) attr_required (1.0.1) + auto_strip_attributes (2.6.0) + activerecord (>= 4.0) autoparse (0.3.3) addressable (>= 2.3.1) extlib (>= 0.9.15) @@ -747,6 +749,7 @@ DEPENDENCIES aasm activerecord-import (~> 0.4.1) amqp (= 0.9.8) + auto_strip_attributes (= 2.6.0) aws-sdk (~> 1) bcrypt-ruby (= 3.0.1) bootstrap-will_paginate (= 0.0.6) 
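Review bot: Splitting the single failure into per-condition messages turns `set_password_from_token` into an account-enumeration oracle: a caller who submits any email with a junk token now learns from "Email no longer exists" versus "Invalid reset token" whether that address has an account, and the controller hunk below surfaces `e.field_message` straight to the page. The `user.reset_password_token != token` check also passes when both sides are nil (a user with no outstanding reset plus a request that omits the token field), after which `Time.now - user.reset_password_token_created` on a nil column raises TypeError rather than `JamArgumentError`; and `!=` on the token is a non-constant-time comparison. I would fold the first two checks into one guard with a single generic message, require both sides to be present, and compare with `ActiveSupport::SecurityUtils.secure_compare`, which is available in the Rails 4.2+ both Gemfiles require. The method continues past the hunk (clearing the token and saving the new password), so the password checks and the tail are left as they are.
```ruby
def self.set_password_from_token(email, token, new_password, new_password_confirmation)
  user = User.where("email ILIKE ?", email).first
  # One generic failure for "no such user", "no outstanding reset" and "wrong token";
  # distinct messages would let a caller probe which addresses have accounts.
  token_matches = !user.nil? && token.present? && user.reset_password_token.present? &&
                  ActiveSupport::SecurityUtils.secure_compare(user.reset_password_token, token)
  raise JamRuby::JamArgumentError.new("Invalid reset token", "token") unless token_matches
  if user.reset_password_token_created.nil? || Time.now - user.reset_password_token_created > 3.days
    raise JamRuby::JamArgumentError.new("Password reset has expired", "token")
  end
  # … unchanged: empty / too-short / mismatched password checks …
  # … unchanged: clear token, set password, save (continues past the hunk) …
```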
diff --git a/web/app/controllers/users_controller.rb b/web/app/controllers/users_controller.rb index e439281da..d254726f8 100644 --- a/web/app/controllers/users_controller.rb +++ b/web/app/controllers/users_controller.rb @@ -301,20 +301,23 @@ class UsersController < ApplicationController def reset_password_token render 'reset_password_token', :layout => 'landing' end - - def reset_password_complete + + def reset_password_token_post begin - User.set_password_from_token(params[:jam_ruby_user][:email], params[:jam_ruby_user][:token], - params[:jam_ruby_user][:password], params[:jam_ruby_user][:password_confirmation]) - render 'reset_password_complete', :layout => 'landing' - rescue JamRuby::JamArgumentError - @password_error = "Entries don't match or are too short" + User.set_password_from_token(params[:jam_ruby_user][:email], params[:jam_ruby_user][:token], params[:jam_ruby_user][:password], params[:jam_ruby_user][:password_confirmation]) + redirect_to reset_password_complete_path({email: params[:jam_ruby_user][:email]}) + rescue JamRuby::JamArgumentError => e + @password_error = e.field_message params[:email] = params[:jam_ruby_user][:email] params[:token] = params[:jam_ruby_user][:token] render 'reset_password_token', :layout => 'landing' end end + def reset_password_complete + render 'reset_password_complete', :layout => 'landing' + end + def finalize_update_email # this corresponds to when the user clink a link in their new email address to configure they want to use it, # and verify their new address is real diff --git a/web/app/views/users/reset_password_complete.erb b/web/app/views/users/reset_password_complete.erb index b69bc21fd..9c26e5ef3 100644 --- a/web/app/views/users/reset_password_complete.erb +++ b/web/app/views/users/reset_password_complete.erb @@ -9,7 +9,7 @@
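Review bot: `params[:jam_ruby_user]` is dereferenced four times in `reset_password_token_post` without checking that the nested hash exists, so a POST that omits it (a hand-crafted request, or a form posting flat `email`/`token` fields) raises NoMethodError and returns a 500 instead of re-rendering the form — the `rescue` only covers `JamRuby::JamArgumentError`. Read it once up front, `attrs = params.fetch(:jam_ruby_user, {})`, and pass `attrs[:email], attrs[:token], attrs[:password], attrs[:password_confirmation]`, or use `params.require(:jam_ruby_user)` so a missing key becomes a 400. Separately, the success path appends the submitted address to the completion URL as a query parameter, where it lands in access logs, browser history and any Referer the completion page sends; if the view only needs it for display (the reset_password_complete.erb hunk is cut off here), carrying it in `flash` avoids the query string. The `UsersController` class continues outside the hunk, and the rename from `reset_password_complete` to `reset_password_token_post` implies a routes change that is not part of this diff.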