diff --git a/.env.example b/.env.example
index ad97994320..2415070596 100644
--- a/.env.example
+++ b/.env.example
@@ -147,6 +147,8 @@ AWS_DEFAULT_REGION=null
 LOGIN_MAX_ATTEMPTS=5
 LOGIN_LOCKOUT_DURATION=60
 RESET_PASSWORD_LINK_EXPIRES=900
+PASSWORD_MAX_ATTEMPTS=20
+PASSWORD_LOCKOUT_DURATION=60
 # --------------------------------------------
 # OPTIONAL: MISC
diff --git a/routes/web.php b/routes/web.php
index c59aa8690e..9d5dad6487 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -426,14 +426,14 @@ Route::group(['middleware' => 'web'], function () {
 Route::post(
 'two-factor',
 [LoginController::class, 'postTwoFactorAuth']
- )->middleware('throttle:'.config('auth.passwords.users.throttle.max_attempts').','.config('auth.passwords.users.throttle.lockout_duration'));
+ )->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
 Route::post(
 'password/email',
 [ForgotPasswordController::class, 'sendResetLinkEmail']
- )->name('password.email')->middleware('throttle:'.config('auth.passwords.users.throttle.max_attempts').','.config('auth.passwords.users.throttle.lockout_duration'));
+ )->name('password.email')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
 Route::get(
 'password/reset',
@@ -444,7 +444,7 @@ Route::group(['middleware' => 'web'], function () {
 Route::post(
 'password/reset',
 [ResetPasswordController::class, 'reset']
- )->name('password.update')->middleware('throttle:'.config('auth.passwords.users.throttle.password_max_attempts').','.config('auth.passwords.users.throttle.password_lockout_duration'));
+ )->name('password.update')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));
 Route::get(
 'password/reset/{token}',
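Review bot: In the .env.example hunk, the two added keys carry no comment saying which routes they limit or what unit `PASSWORD_LOCKOUT_DURATION` is in. Laravel's `throttle` middleware reads its second parameter as minutes, so if this value reaches the `throttle:` strings in routes/web.php unchanged (the config mapping is not part of this hunk), 60 means an hour rather than a minute. A comment above the keys such as `# Password reset throttle: max requests per window / window length in minutes` would settle it once the unit is confirmed.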
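Review bot: In routes/web.php at `@@ -426`, the `two-factor` POST route now reads its limit from `auth.password_reset.throttle.*`, which ties the rate limit on second-factor code submission to the password-reset setting; if that key is fed by the `PASSWORD_MAX_ATTEMPTS=20` example value (the config file is not visible here), code guessing gets 20 tries per window against `LOGIN_MAX_ATTEMPTS=5` for the password step. I would point this route at a key of its own, or at the login limit, so that relaxing reset limits cannot loosen 2FA. The rewritten `config()` calls here and in the `@@ -444` hunk also have no default, so a missing key or a stale config cache produces the literal `throttle:,`; a fallback as the second argument, e.g. `config('auth.password_reset.throttle.max_attempts', 5)` with a value you choose, keeps a defined limit. The `@@ -454` hunk, as far as it is visible, registers `POST password/email` as `password.email` a second time, identical to the route in this hunk, which looks unintended. The enclosing `Route::group` closure starts and ends outside these hunks.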
@@ -454,8 +454,8 @@ Route::group(['middleware' => 'web'], function () {
 Route::post(
 'password/email',
- [ResetPasswordController::class, 'showLinkRequestForm']
- )->name('password.request')->middleware('throttle:'.config('auth.passwords.users.throttle.password_max_attempts').','.config('auth.passwords.users.throttle.password_lockout_duration'));
+ [ForgotPasswordController::class, 'sendResetLinkEmail']
+ )->name('password.email')->middleware('throttle:'.config('auth.password_reset.throttle.max_attempts').','.config('auth.password_reset.throttle.lockout_duration'));