diff --git a/include/staff/login.tpl.php b/include/staff/login.tpl.php
index 1f3bb55e0c1565f6d9b6908c7359018c56d1bdaa..35fffcc98ebb9374656b9f4fee90945e15c89d3b 100644
--- a/include/staff/login.tpl.php
+++ b/include/staff/login.tpl.php
@@ -12,7 +12,7 @@ $info = ($_POST && $errors)?Format::htmlchars($_POST):array();
             <input type="text" name="userid" id="name" value="<?php echo $info['userid']; ?>" placeholder="username" autocorrect="off" autocapitalize="off">
             <input type="password" name="passwd" id="pass" placeholder="password" autocorrect="off" autocapitalize="off">
         </fieldset>
-        <?php if ($_SESSION['_staff']['strikes'] > 1 && $cfg->allowPasswordReset()) { ?>
+        <?php if ($show_reset && $cfg->allowPasswordReset()) { ?>
         <h3 style="display:inline"><a href="pwreset.php">Forgot my password</a></h3>
         <?php } ?>
         <input class="submit" type="submit" name="submit" value="Log In">
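Review bot: The new condition reads `$show_reset` with no fallback, so any script that includes login.tpl.php without defining it raises an undefined-variable notice and silently hides the link. Only scp/login.php is shown setting it in this commit. Using `<?php if (!empty($show_reset) && $cfg->allowPasswordReset()) { ?>` would keep the template safe to include from elsewhere. This condition also only decides whether the link is rendered; pwreset.php is not visible here and stays directly reachable, so it should check `$cfg->allowPasswordReset()` itself.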
diff --git a/scp/login.php b/scp/login.php
index 211bb70989f8fbe002fded97c9e59fa873b81ab1..4356aaa615683ce2f1f292fe98cc15fa9773fee5 100644
--- a/scp/login.php
+++ b/scp/login.php
@@ -23,6 +23,7 @@ $dest = $_SESSION['_staff']['auth']['dest'];
 $msg = $_SESSION['_staff']['auth']['msg'];
 $msg = $msg?$msg:'Authentication Required';
 $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
+$show_reset = false;
 if($_POST) {
     // Lookup support backends for this staff
     $username = trim($_POST['userid']);
@@ -34,6 +35,7 @@ if($_POST) {
     }
 
     $msg = $errors['err']?$errors['err']:'Invalid login';
+    $show_reset = true;
 }
 // Consider single sign-on authentication backends
 else if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
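Review bot: `$show_reset = true;` at the end of the `if($_POST)` block has no comment explaining that reaching this line means authentication failed. The success path lies outside the hunk and presumably redirects before this point, which is worth confirming. A comment such as `// Login failed: let the template offer the password-reset link` above the assignment would make that dependency explicit. The removed template condition required more than one strike in the session, so the link now appears after the first failed POST. As far as the hunk shows, the flag is set the same way whether or not the username exists, and that should stay so to avoid hinting at valid accounts.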