diff --git a/user.module b/user.module
index 18349a1..fca47a3 100644
--- a/user.module
+++ b/user.module
@@ -1069,6 +1069,24 @@ function user_account_form(&$form, &$form_state) {
 '#attributes' => array('autocomplete' => 'off'),
 );
 $form['#validate'][] = 'user_validate_current_pass';
+
+ // bugreport: 1423158
+ // Reset the flood control when someone changes their password.
+ $account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_state['values']['name']))->fetchObject();
+ if (variable_get('user_failed_login_identifier_uid_only', FALSE)) {
+ // Register flood events based on the uid only, so they apply for any
+ // IP address. This is the most secure option.
+ $identifier = $account->uid;
+ }
+ else {
+ // The default identifier is a combination of uid and IP address. This
+ // is less secure but more resistant to denial-of-service attacks that
+ // could lock out all users with public user names.
+ $identifier = $account->uid . '-' . ip_address();
+ }
+ $form_state['flood_control_user_identifier'] = $identifier;
+
+ // Clear past failures for this user so as not to block a user who might
+ // log in and out more than once in an hour.
+ flood_clear_event('failed_login_attempt_user', $form_state['flood_control_user_identifier']);
 }
 }
 elseif (!variable_get('user_email_verification', TRUE) || $admin) {
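Review bot: The new `flood_clear_event('failed_login_attempt_user', ...)` call sits in the form builder, so the per-user failed-login counter is reset on every build of the account form rather than after a password is actually changed, and at build time `$form_state['values']['name']` is normally not populated, so the `db_query` lookup yields no row and `$account->uid` reads a property of a non-object. The clear should move into the form's submit handler, guarded on a non-empty submitted `pass` value, so that it only runs once `user_validate_current_pass` (registered three lines above) has confirmed the current password; the identifier should come from the account being edited (the surrounding function appears to hold it in `$form['#user']`, which is outside this hunk) instead of re-querying `{users}` by the submitted name, which also returns the wrong row or none when the username is changed in the same submission. Since `$form_state` is rebuilt per request, storing the identifier in `$form_state['flood_control_user_identifier']` in the builder does not carry over to the submit anyway. The enclosing `user_account_form` starts and ends outside the hunk.
```php
// In the account form's submit handler, once the new password has been saved.
if (!empty($form_state['values']['pass'])) {
  $uid = $form['#user']->uid;
  // Mirror the identifier scheme used when the failure was recorded, so the
  // clear matches the event registered at login time.
  $identifier = variable_get('user_failed_login_identifier_uid_only', FALSE)
    ? $uid
    : $uid . '-' . ip_address();
  flood_clear_event('failed_login_attempt_user', $identifier);
}
// … unchanged: rest of the submit handler …
```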