diff --git a/canaille/app/forms.py b/canaille/app/forms.py
index fc568352..f9a6934a 100644
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@@ -123,6 +123,23 @@ def compromised_password_validator(form, field):
 )


+def form_password_validation(password, confirmation, password_field_name):
+ password.validators = [
+ wtforms.validators.DataRequired(),
+ password_length_validator,
+ password_too_long_validator,
+ compromised_password_validator,
+ ]
+ confirmation.validators = [
+ wtforms.validators.DataRequired(),
+ wtforms.validators.EqualTo(
+ password_field_name, message=_("Password and confirmation do not match.")
+ ),
+ ]
+ password.flags.required = True
+ confirmation.flags.required = True
+
+
 def email_validator(form, field):
 try:
 import email_validator # noqa: F401
diff --git a/canaille/core/endpoints/account.py b/canaille/core/endpoints/account.py
index 507a375a..e19ab69d 100644
--- a/canaille/core/endpoints/account.py
+++ b/canaille/core/endpoints/account.py
@@ -30,10 +30,8 @@ from canaille.app.flask import smtp_needed
 from canaille.app.flask import user_needed
 from canaille.app.forms import IDToModel
 from canaille.app.forms import TableForm
-from canaille.app.forms import compromised_password_validator
+from canaille.app.forms import form_password_validation
 from canaille.app.forms import is_readonly
-from canaille.app.forms import password_length_validator
-from canaille.app.forms import password_too_long_validator
 from canaille.app.forms import set_readonly
 from canaille.app.forms import set_writable
 from canaille.app.i18n import gettext as _
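Review bot: `form_password_validation` in canaille/app/forms.py has no docstring, and two of its contracts are easy to get wrong from a call site. It assigns `password.validators` and `confirmation.validators` outright, so any validator declared on the form class for those fields is discarded (whether one exists is not visible in this diff), and `password_field_name` has to name the same field that is passed as `password`, otherwise `EqualTo` compares the confirmation against some other field. I would add a docstring such as `"""Replace the validators of a password/confirmation field pair with the password policy; call before form.validate()."""` and consider deriving the name from the field itself with `password.short_name` (the un-prefixed WTForms field name), so the third argument cannot drift from the first.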
@@ -314,20 +312,7 @@ def registration(data=None, hash=None):
 if not is_readonly(form["emails"]) and emails_readonly:
 set_readonly(form["emails"])

- form["password1"].validators = [
- wtforms.validators.DataRequired(),
- password_length_validator,
- password_too_long_validator,
- compromised_password_validator,
- ]
- form["password2"].validators = [
- wtforms.validators.DataRequired(),
- wtforms.validators.EqualTo(
- "password1", message=_("Password and confirmation do not match.")
- ),
- ]
- form["password1"].flags.required = True
- form["password2"].flags.required = True
+ form_password_validation(form["password1"], form["password2"], "password1")

 if not request.form or form.form_control():
 return render_template(
@@ -892,6 +877,8 @@ def reset(user):
 if user != current_user() or not user.has_expired_password():
 abort(403)

+ form_password_validation(form["password"], form["confirmation"], "password")
+
 if request.form and form.validate():
 Backend.instance.set_user_password(user, form.password.data)
 login_user(user)
diff --git a/canaille/core/endpoints/auth.py b/canaille/core/endpoints/auth.py
index 41140991..a4004ef5 100644
--- a/canaille/core/endpoints/auth.py
+++ b/canaille/core/endpoints/auth.py
@@ -1,6 +1,5 @@
 import datetime

-import wtforms
 from flask import Blueprint
 from flask import abort
 from flask import current_app
@@ -15,9 +14,7 @@ from canaille.app import get_b64encoded_qr_image
 from canaille.app import mask_email
 from canaille.app import mask_phone
 from canaille.app.flask import smtp_needed
-from canaille.app.forms import compromised_password_validator
-from canaille.app.forms import password_length_validator
-from canaille.app.forms import password_too_long_validator
+from canaille.app.forms import form_password_validation
 from canaille.app.i18n import gettext as _
 from canaille.app.session import current_user
 from canaille.app.session import login_user
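Review bot: The call added to `reset` in canaille/core/endpoints/account.py is the one behaviour change in this diff, and no test for it is visible here. As far as this view shows, `form.validate()` on the expired-password form previously ran without the length, too-long and compromised-password validators or the confirmation match. A regression test that posts a too-short password and a mismatched confirmation to this endpoint, and asserts that `set_user_password` is not reached, would pin it. The policy also still depends on each view remembering to call the helper (`registration` in the same file and `reset` in auth.py follow the same pattern), so a comment at the call such as `# password policy is attached per view; every view using this form must call this before validate()` would make the next omission less likely, assuming the form class itself carries none of these validators. The body of `reset` continues outside the hunk.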
@@ -266,20 +263,7 @@ def reset(user, hash):
 )
 return redirect(url_for("core.account.index"))

- form["password"].validators = [
- wtforms.validators.DataRequired(),
- password_length_validator,
- password_too_long_validator,
- compromised_password_validator,
- ]
- form["confirmation"].validators = [
- wtforms.validators.DataRequired(),
- wtforms.validators.EqualTo(
- "password", message=_("Password and confirmation do not match.")
- ),
- ]
- form["password"].flags.required = True
- form["confirmation"].flags.required = True
+ form_password_validation(form["password"], form["confirmation"], "password")

 if request.form and form.validate():
 Backend.instance.set_user_password(user, form.password.data)