diff --git a/core/includes/form.inc b/core/includes/form.inc
index 1610f80..e480e07 100644
--- a/core/includes/form.inc
+++ b/core/includes/form.inc
@@ -1166,14 +1166,14 @@ function template_preprocess_radios(&$variables) {
 function form_process_password_confirm($element) {
   $element['pass1'] =  array(
     '#type' => 'password',
-    '#title' => t('Password'),
+    '#title' => $element['#title1'] ? $element['#title1'] : t('Password'),
     '#value' => empty($element['#value']) ? NULL : $element['#value']['pass1'],
     '#required' => $element['#required'],
     '#attributes' => array('class' => array('password-field')),
   );
   $element['pass2'] =  array(
     '#type' => 'password',
-    '#title' => t('Confirm password'),
+    '#title' => $element['#title2'] ? $element['#title2'] : t('Confirm password'),
     '#value' => empty($element['#value']) ? NULL : $element['#value']['pass2'],
     '#required' => $element['#required'],
     '#attributes' => array('class' => array('password-confirm')),
diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index f4f718b..0787aad 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -82,17 +82,6 @@ public function form(array $form, array &$form_state) {
       '#weight' => -10,
     );
 
-    // The mail field is NOT required if account originally had no mail set
-    // and the user performing the edit has 'administer users' permission.
-    // This allows users without email address to be edited and deleted.
-    $form['account']['mail'] = array(
-      '#type' => 'email',
-      '#title' => $this->t('Email address'),
-      '#description' => $this->t('A valid email address. All emails from the system will be sent to this address. The email address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by email.'),
-      '#required' => !(!$account->getEmail() && $user->hasPermission('administer users')),
-      '#default_value' => (!$register ? $account->getEmail() : ''),
-    );
-
     // Only show name field on registration form or user can change own username.
     $form['account']['name'] = array(
       '#type' => 'textfield',
@@ -110,11 +99,29 @@ public function form(array $form, array &$form_state) {
       '#access' => ($register || ($user->id() == $account->id() && $user->hasPermission('change own username')) || $admin),
     );
 
+    // The mail field is NOT required if account originally had no mail set
+    // and the user performing the edit has 'administer users' permission.
+    // This allows users without email address to be edited and deleted.
+    $form['account']['mail'] = array(
+      '#type' => 'email',
+      '#title' => $this->t('Email address'),
+      '#description' => $this->t('A valid email address. All emails from the system will be sent to this address. The email address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by email.'),
+      '#required' => !(!$account->getEmail() && $user->hasPermission('administer users')),
+      '#default_value' => (!$register ? $account->getEmail() : ''),
+    );
+
     // Display password field only for existing users or when user is allowed to
     // assign a password during registration.
     if (!$register) {
-      $form['account']['pass'] = array(
+      $form['account']['changepass'] = array(
+        '#type' => 'details',
+        '#title' => t('Change password'),
+        '#open' => TRUE,
+      );
+      $form['account']['changepass']['pass'] = array(
         '#type' => 'password_confirm',
+        '#title1' => $this->t('New password'),
+        '#title2' => $this->t('Confirm new password'),
         '#size' => 25,
         '#description' => $this->t('To change the current user password, enter the new password in both fields.'),
       );
@@ -132,7 +139,7 @@ public function form(array $form, array &$form_state) {
         $protected_values['mail'] = $form['account']['mail']['#title'];
         $protected_values['pass'] = $this->t('Password');
         $request_new = l($this->t('Request new password'), 'user/password', array('attributes' => array('title' => $this->t('Request new password via email.'))));
-        $current_pass_description = $this->t('Required if you want to change the %mail or %pass below. !request_new.', array('%mail' => $protected_values['mail'], '%pass' => $protected_values['pass'], '!request_new' => $request_new));
+        $current_pass_description = $this->t('Required if you want to change the %mail or %pass above. !request_new.', array('%mail' => $protected_values['mail'], '%pass' => $protected_values['pass'], '!request_new' => $request_new));
       }
 
       // The user must enter their current password to change to a new one.
@@ -148,11 +155,17 @@ public function form(array $form, array &$form_state) {
           '#size' => 25,
           '#access' => !empty($protected_values),
           '#description' => $current_pass_description,
-          '#weight' => -5,
           // Do not let web browsers remember this password, since we are
           // trying to confirm that the person submitting the form actually
           // knows the current one.
           '#attributes' => array('autocomplete' => 'off'),
+          '#states' => array(
+            // Only show this field when mail or new password has changed.
+            'visible' => array(
+              array(':input[name="mail"]' => array('!value' => $account->getEmail())),
+              array(':input[name="pass[pass1]"]' => array('filled' => TRUE)),
+            ),
+          ),
         );
 
         $form_state['user'] = $account;