diff --git a/app/Http/Controllers/ClientAuth/ForgotPasswordController.php b/app/Http/Controllers/ClientAuth/ForgotPasswordController.php
index 6af3c1d143b2..31bd4f7c5988 100644
--- a/app/Http/Controllers/ClientAuth/ForgotPasswordController.php
+++ b/app/Http/Controllers/ClientAuth/ForgotPasswordController.php
@@ -4,7 +4,9 @@ namespace App\Http\Controllers\ClientAuth;
 use Password;
 use Config;
+use Utils;
 use App\Models\Contact;
+use App\Models\Account;
 use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
@@ -45,10 +47,6 @@ class ForgotPasswordController extends Controller
 'clientauth' => true,
 ];
- if (! session('contact_key')) {
- return \Redirect::to('/client/session_expired');
- }
-
 return view('clientauth.passwords.email')->with($data);
 }
@@ -61,15 +59,33 @@ class ForgotPasswordController extends Controller
 */
 public function sendResetLinkEmail(Request $request)
 {
- $contactId = null;
- $contactKey = session('contact_key');
- if ($contactKey) {
- $contact = Contact::where('contact_key', '=', $contactKey)->first();
- if ($contact && ! $contact->is_deleted && $contact->email) {
- $contactId = $contact->id;
+ // resolve the email to a contact/account
+ $account = false;
+ if (! Utils::isNinja() && Account::count() == 1) {
+ $account = Account::first();
+ } elseif ($accountKey = request()->account_key) {
+ $account = Account::whereAccountKey($accountKey)->first();
+ } else {
+ $subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
+ if ($subdomain && $subdomain != 'app') {
+ $account = Account::whereSubdomain($subdomain)->first();
 }
 }
+ if (! $account || ! request()->email) {
+ return $this->sendResetLinkFailedResponse($request, Password::INVALID_USER);
+ }
+
+ $contact = Contact::where('email', '=', request()->email)
+ ->where('account_id', '=', $account->id)
+ ->first();
+
+ if ($contact) {
+ $contactId = $contact->id;
+ } else {
+ return $this->sendResetLinkFailedResponse($request, Password::INVALID_USER);
+ }
+
 $response = $this->broker()->sendResetLink(['id' => $contactId], function (Message $message) {
 $message->subject($this->getEmailSubject());
 });
diff --git a/app/Http/Controllers/ClientAuth/LoginController.php b/app/Http/Controllers/ClientAuth/LoginController.php
index b99503d5aa87..c264320a0639 100644
--- a/app/Http/Controllers/ClientAuth/LoginController.php
+++ b/app/Http/Controllers/ClientAuth/LoginController.php
@@ -98,7 +98,7 @@ class LoginController extends Controller
 $account = Account::whereAccountKey($accountKey)->first();
 } else {
 $subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
- if ($subdomain != 'app') {
+ if ($subdomain && $subdomain != 'app') {
 $account = Account::whereSubdomain($subdomain)->first();
 }
 }
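Review bot: The new contact lookup in sendResetLinkEmail drops the `! $contact->is_deleted` condition that the removed session-based code applied, so a reset link can be issued for a contact marked deleted unless the model already scopes those rows out (not visible here); `if ($contact && ! $contact->is_deleted) {` would keep the old rule. The endpoint is now reachable without a `contact_key` session and takes the address from the request, so the two `Password::INVALID_USER` returns, which presumably differ from the success response handled after the hunk, disclose whether an address is a contact of the resolved account. Returning the same response for unknown addresses as for a sent link, and throttling the route if that is not done elsewhere, would remove that signal. `Contact::where('email', ...)->first()` also picks an unspecified row when several contacts in one account share an address, which deserves an explicit order or a comment. The function body continues past the end of the hunk.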
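Review bot: The account-resolution chain patched here (`account_key` first, then the subdomain taken from `HTTP_HOST`) is now repeated line for line in ForgotPasswordController::sendResetLinkEmail, and this commit already has to apply the `$subdomain &&` guard in both copies. Moving the lookup into one shared helper would keep tenant selection for login and for password recovery from drifting apart the next time one copy is fixed. The enclosing method starts and ends outside the hunk.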
diff --git a/resources/views/clientauth/login.blade.php b/resources/views/clientauth/login.blade.php
index 860869d3b7a4..e318074afb1b 100644
--- a/resources/views/clientauth/login.blade.php
+++ b/resources/views/clientauth/login.blade.php
@@ -50,7 +50,7 @@
- {!! link_to('/client/recover_password', trans('texts.recover_password')) !!}
+ {!! link_to('/client/recover_password' . (request()->account_key ? '?account_key=' . request()->account_key : ''), trans('texts.recover_password')) !!}
 {!! Former::close() !!}
diff --git a/resources/views/clientauth/passwords/email.blade.php b/resources/views/clientauth/passwords/email.blade.php
index 32bd361d1b95..306ee92d3d92 100644
--- a/resources/views/clientauth/passwords/email.blade.php
+++ b/resources/views/clientauth/passwords/email.blade.php
@@ -3,7 +3,9 @@ @section('form')
 @include('partials.warn_session', ['redirectTo' => '/client/session_expired'])
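Review bot: The recover-password link in login.blade.php concatenates `request()->account_key` into the URL without encoding and prints the result through `{!! !!}`, so the request value reaches the `href` as-is unless `link_to` escapes it, which is not visible here. Encoding the value keeps the query string well-formed and the attribute inert: `'?account_key=' . urlencode(request()->account_key)`. The markup around this line is not shown on the page, so the placement of the link could not be checked.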
- {!! Former::open('client/recover_password')->addClass('form-signin') !!}
+ {!! Former::open()
+ ->rules(['email' => 'required|email'])
+ ->addClass('form-signin') !!}

{{ trans('texts.password_recovery') }}


@@ -35,6 +37,9 @@
{{ Session::get('error') }}
@endif
+
+ {!! Former::text('email')->placeholder(trans('texts.email_address'))->raw() !!}
+
{!! Button::success(trans('texts.send_email')) ->withAttributes(['class' => 'green']) ->large()->submit()->block() !!}