diff --git a/core/client/controllers/reset.js b/core/client/controllers/reset.js
index bb24501198..b500b3911f 100644
--- a/core/client/controllers/reset.js
+++ b/core/client/controllers/reset.js
@@ -4,19 +4,32 @@ import ajax from 'ghost/utils/ajax';
 import ValidationEngine from 'ghost/mixins/validation-engine';
 var ResetController = Ember.Controller.extend(ValidationEngine, {
- passwords: {
- newPassword: '',
- ne2Password: ''
- },
+ newPassword: '',
+ ne2Password: '',
 token: '',
 submitButtonDisabled: false,
 validationType: 'reset',
+ email: Ember.computed('token', function () {
+ // The token base64 encodes the email (and some other stuff),
+ // each section is divided by a '|'. Email comes second.
+ return atob(this.get('token')).split('|')[1];
+ }),
+
+ // Used to clear sensitive information
+ clearData: function () {
+ this.setProperties({
+ newPassword: '',
+ ne2Password: '',
+ token: ''
+ });
+ },
+
 actions: {
 submit: function () {
- var self = this,
- data = self.getProperties('passwords', 'token');
+ var credentials = this.getProperties('newPassword', 'ne2Password', 'token'),
+ self = this;
 this.toggleProperty('submitting');
 this.validate({format: false}).then(function () {
@@ -24,16 +37,15 @@ var ResetController = Ember.Controller.extend(ValidationEngine, {
 url: self.get('ghostPaths.url').api('authentication', 'passwordreset'),
 type: 'PUT',
 data: {
- passwordreset: [{
- newPassword: data.passwords.newPassword,
- ne2Password: data.passwords.ne2Password,
- token: data.token
- }]
+ passwordreset: [credentials]
 }
 }).then(function (resp) {
 self.toggleProperty('submitting');
 self.notifications.showSuccess(resp.passwordreset[0].message, true);
- self.transitionToRoute('signin');
+ self.get('session').authenticate('simple-auth-authenticator:oauth2-password-grant', {
+ identification: self.get('email'),
+ password: credentials.newPassword
+ });
 }).catch(function (response) {
 self.notifications.showAPIError(response);
 self.toggleProperty('submitting');
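Review bot: The new `email` computed property in `controllers/reset.js` calls `atob(this.get('token'))` on a value taken from the reset URL, and `atob` throws when its input is not valid base64, so a truncated or altered link raises an exception instead of yielding no address. The property is first read inside the reset success callback of the second hunk, so that exception would surface in the `.catch` there as an "API error" after the password has already been changed. A token without a `|` separator gives `undefined`, which is then sent as `identification`. I would guard the decode, e.g. `try { return atob(this.get('token')).split('|')[1] || ''; } catch (e) { return ''; }`, and extend the comment to say the decoded address is unverified on the client and only used as a login hint. The controller body continues outside the hunk.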
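Review bot: The promise returned by `self.get('session').authenticate(...)` in the second hunk of `controllers/reset.js` is neither returned from the success callback nor given a rejection handler. The removed `self.transitionToRoute('signin');` was the only way off this screen, so if the automatic sign-in fails the user is left on the reset form with a success notification, unless a session-failure handler elsewhere (not visible here) covers it. Chaining a fallback keeps the old behaviour for that case: `.catch(function () { self.transitionToRoute('signin'); });` directly after the `authenticate(...)` call. The `ajax` call that opens this chain and the end of the `.catch` handler lie outside the hunk.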
diff --git a/core/client/controllers/setup.js b/core/client/controllers/setup.js
index 914e096733..0a65e56bbf 100644
--- a/core/client/controllers/setup.js
+++ b/core/client/controllers/setup.js
@@ -36,11 +36,11 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
 identification: self.get('email'),
 password: self.get('password')
 });
- }, function (resp) {
+ }).catch(function (resp) {
 self.toggleProperty('submitting');
 self.notifications.showAPIError(resp);
 });
- }, function (errors) {
+ }).catch(function (errors) {
 self.toggleProperty('submitting');
 self.notifications.showErrors(errors);
 });
diff --git a/core/client/routes/reset.js b/core/client/routes/reset.js
index 25569922e6..2b61c1c8d6 100644
--- a/core/client/routes/reset.js
+++ b/core/client/routes/reset.js
@@ -11,6 +11,11 @@ var ResetRoute = Ember.Route.extend(styleBody, loadingIndicator, {
 },
 setupController: function (controller, params) {
 controller.token = params.token;
+ },
+ // Clear out any sensitive information
+ deactivate: function () {
+ this._super();
+ this.controller.clearData();
 }
 });
diff --git a/core/client/templates/reset.hbs b/core/client/templates/reset.hbs
index accb53a539..b3b60b498e 100644
--- a/core/client/templates/reset.hbs
+++ b/core/client/templates/reset.hbs
@@ -1,10 +1,10 @@
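Review bot: In `controllers/setup.js`, replacing the two-argument `.then(ok, fail)` form with `.catch(...)` widens what both handlers receive: they now also run for exceptions thrown inside the preceding success callback, not only for a rejected request or failed validation. `showAPIError(resp)` and `showErrors(errors)` may therefore be handed an `Error` object, and `toggleProperty('submitting')` flips the flag rather than clearing it, so any path that toggles twice leaves the button in the wrong state. Setting the state explicitly with `self.set('submitting', false);` in both handlers would make them safe for either kind of failure. The start of the promise chain is outside the hunk, so whether the success callbacks toggle the flag first cannot be confirmed from here.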
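Review bot: In `routes/reset.js`, the new `deactivate` hook clears the token through `clearData`, which uses `setProperties`, while `setupController` in the same hunk still writes it with a plain `controller.token = params.token;`. The controller's new `email` computed property depends on `token`, and a plain assignment bypasses Ember's change notification, so the derived address is only correct as long as nothing has read `email` before the assignment. `controller.set('token', params.token);` keeps the token and the sign-in identification in step. The comment on `deactivate` could also say that it runs when the route is exited, so that the passwords and token do not outlive the reset screen.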
- {{input value=passwords.newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
+ {{input value=newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
- {{input value=passwords.ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
+ {{input value=ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
diff --git a/core/client/validators/reset.js b/core/client/validators/reset.js
index 2b01d2be61..5a45d89ffb 100644
--- a/core/client/validators/reset.js
+++ b/core/client/validators/reset.js
@@ -1,9 +1,7 @@
 var ResetValidator = Ember.Object.create({
 check: function (model) {
-
- var data = model.getProperties('passwords'),
- p1 = data.passwords.newPassword,
- p2 = data.passwords.ne2Password,
+ var p1 = model.get('newPassword'),
+ p2 = model.get('ne2Password'),
 validationErrors = [];
 if (!validator.equals(p1, p2)) {