diff --git a/snikket_web/templates/library.j2 b/snikket_web/templates/library.j2
index b2f853e..866c417 100644
--- a/snikket_web/templates/library.j2
+++ b/snikket_web/templates/library.j2
@@ -74,14 +74,15 @@
 {%- endmacro %}
 
 {% macro render_errors(field, caller=None) -%}
-{%- if field.errors -%}
+{%- set error_list = field.errors if field.errors is not mapping else (field.errors.values() | flatten | list) -%}
+{%- if error_list -%}
 <div class="box warning">{#- -#}
 <header>{% trans %}Invalid input{% endtrans %}</header>
-{%- if field.errors | length == 1 -%}
-<p>{{ field.errors[0] }}.</p>
+{%- if error_list | length == 1 -%}
+<p>{{ error_list[0] }}.</p>
 {%- else -%}
 <ul>
-{%- for error in field.errors -%}
+{%- for error in error_list -%}
 	<li>{{ error }}</li>
 {%- endfor -%}
 </ul>
diff --git a/snikket_web/templates/user_passwd.html b/snikket_web/templates/user_passwd.html
index 4f1b342..1972535 100644
--- a/snikket_web/templates/user_passwd.html
+++ b/snikket_web/templates/user_passwd.html
@@ -1,5 +1,5 @@
 {% extends "app.html" %}
-{% from "library.j2" import standard_button, custom_form_button %}
+{% from "library.j2" import standard_button, custom_form_button, render_errors %}
 {% block head_lead %}
 <title>Snikket Web Portal</title>
 {% endblock %}
@@ -8,18 +8,8 @@
 	<h2 class="form-title">{% trans %}Change your password{% endtrans %}</h2>
 	<p class="form-desc weak">{% trans %}To change your password, you need to provide the current password as well as the new one. To reduce the chance of typos, we ask for your new password twice.{% endtrans %}</p>
 	{{ form.csrf_token }}
-	{% if form.errors %}
-	<div class="box alert">
-		<header>{% trans %}Password change failed{% endtrans %}</header>
-		<ul>
-		{% for field, errors in form.errors.items() %}
-		{% for error in errors %}
-		<li>{{ error }}</li>
-		{% endfor %}
-		{% endfor %}
-		</ul>
-	</div>
-	{% endif %}
+	{%- call render_errors(form) -%}
+	{%- endcall -%}
 	<div class="f-ebox">
 		{{ form.current_password.label(class="required") }}
 		{{ form.current_password(class=("has-error" if form.current_password.name in form.errors else "")) }}
diff --git a/snikket_web/translations/messages.pot b/snikket_web/translations/messages.pot
index 9425612..41722a4 100644
--- a/snikket_web/translations/messages.pot
+++ b/snikket_web/translations/messages.pot
@@ -122,7 +122,7 @@ msgid "Confirm new password"
 msgstr ""
 
 #: snikket_web/user.py:35
-msgid "The new passwords must match."
+msgid "The new passwords must match"
 msgstr ""
 
 #: snikket_web/user.py:42
@@ -155,7 +155,7 @@ msgstr ""
 msgid "Profile visibility"
 msgstr ""
 
-#: snikket_web/user.py:92
+#: snikket_web/user.py:93
 msgid "Incorrect password"
 msgstr ""
 
@@ -282,7 +282,7 @@ msgid "Debug information for %(user_name)s"
 msgstr ""
 
 #: snikket_web/templates/admin_debug_user.html:11
-#: snikket_web/templates/user_passwd.html:36
+#: snikket_web/templates/user_passwd.html:26
 msgid "Warning"
 msgstr ""
 
@@ -339,7 +339,7 @@ msgstr ""
 #: snikket_web/templates/admin_edit_invite.html:45
 #: snikket_web/templates/admin_reset_user_password.html:25
 #: snikket_web/templates/user_logout.html:13
-#: snikket_web/templates/user_passwd.html:40
+#: snikket_web/templates/user_passwd.html:30
 #: snikket_web/templates/user_profile.html:25
 msgid "Back"
 msgstr ""
@@ -593,7 +593,7 @@ msgstr ""
 msgid "Copy link"
 msgstr ""
 
-#: snikket_web/templates/library.j2:79
+#: snikket_web/templates/library.j2:80
 msgid "Invalid input"
 msgstr ""
 
@@ -634,7 +634,7 @@ msgid ""
 msgstr ""
 
 #: snikket_web/templates/user_home.html:11
-#: snikket_web/templates/user_passwd.html:42
+#: snikket_web/templates/user_passwd.html:32
 msgid "Change password"
 msgstr ""
 
@@ -675,11 +675,7 @@ msgid ""
 "password twice."
 msgstr ""
 
-#: snikket_web/templates/user_passwd.html:13
-msgid "Password change failed"
-msgstr ""
-
-#: snikket_web/templates/user_passwd.html:37
+#: snikket_web/templates/user_passwd.html:27
 msgid ""
 "After changing your password, you will have to enter the new password on "
 "all of your devices."
diff --git a/snikket_web/user.py b/snikket_web/user.py
index 2810e18..12c0c2d 100644
--- a/snikket_web/user.py
+++ b/snikket_web/user.py
@@ -32,7 +32,7 @@ class ChangePasswordForm(flask_wtf.FlaskForm):  # type:ignore
         validators=[wtforms.validators.InputRequired(),
                     wtforms.validators.EqualTo(
                         "new_password",
-                        _l("The new passwords must match.")
+                        _l("The new passwords must match")
                     )]
     )
 
@@ -86,9 +86,10 @@ async def change_pw() -> typing.Union[str, quart.Response]:
                 form.current_password.data,
                 form.new_password.data,
             )
-        except quart.exceptions.Unauthorized:
+        except (quart.exceptions.Unauthorized,
+                quart.exceptions.Forbidden):
             # server refused current password, set an appropriate error
-            form.errors.setdefault(form.current_password.name, []).append(
+            form.current_password.errors.append(
                 _("Incorrect password"),
             )
         else: