diff --git a/app/views/devise/registrations/_password_confirmation.html.erb b/app/views/devise/registrations/_password_confirmation.html.erb
new file mode 100644
index 0000000..837b740
--- /dev/null
+++ b/app/views/devise/registrations/_password_confirmation.html.erb
@@ -0,0 +1,23 @@
+
\ No newline at end of file
diff --git a/app/views/devise/registrations/_personal_details.html.erb b/app/views/devise/registrations/_personal_details.html.erb
index d3b9929..eb07ae2 100644
--- a/app/views/devise/registrations/_personal_details.html.erb
+++ b/app/views/devise/registrations/_personal_details.html.erb
@@ -10,7 +10,8 @@
<%= f.label(:email, _('Email'), class: 'control-label') %> - <%= f.email_field(:email, class: "form-control", "aria-required": true, 'data-toggle': "tooltip", title: _('Please enter your current password below when changing your email address.'), value: @user.email) %> + <%= f.email_field(:email, class: "form-control", "aria-required": true, value: @user.email) %> + <%= hidden_field_tag :original_email, @user.email %>
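Review bot: The hidden `original_email` field added after the email input is client-controlled, so it can only serve as a hint for the browser-side prompt and not as evidence that the address is unchanged. The controller is not part of this diff; if the update action compares `params[:original_email]` with the submitted email to decide whether a password is needed, the check can be skipped by editing the hidden value. The server should compare the submitted email with the stored `current_user.email` and require a valid `current_password` before saving a change, since the inline password field is removed in the next hunk of this file. A comment next to the tag such as `<%# UI hint only; the controller must re-check the email change and current_password %>` would make that explicit.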
@@ -23,11 +24,6 @@ <%= f.text_field(:surname, class: "form-control", "aria-required": true, value: @user.surname) %>
-
- <%= f.label(:password, _('Password'), class: 'control-label') %> - <%= f.password_field(:password, class: "form-control", "aria-required": true) %> -
- <% org_admin = (current_user.can_org_admin? && !current_user.can_super_admin?) %>
> <%= render partial: "shared/my_org", locals: {f: f, default_org: @default_org, orgs: @orgs, allow_other_orgs: true} %> @@ -78,6 +74,7 @@
<%= f.button(_('Save'), class: 'btn btn-default', type: "submit") %>
+ + <%= render partial: 'password_confirmation', locals: {f: f} %> + <% end %> - -
diff --git a/lib/assets/javascripts/views/devise/registrations/edit.js b/lib/assets/javascripts/views/devise/registrations/edit.js
index 3b6b122..603fc34 100644
--- a/lib/assets/javascripts/views/devise/registrations/edit.js
+++ b/lib/assets/javascripts/views/devise/registrations/edit.js
@@ -1,5 +1,7 @@
 import ariatiseForm from '../../../utils/ariatiseForm';
 import { DISABLE_ORG_COMBO_MESSAGE } from '../../../constants';
+import { isObject, isString } from '../../../utils/isType';
+import { isValidPassword } from '../../../utils/isValidInputType';
 import { addMatchingPasswordValidator, togglisePasswords } from '../../../utils/passwordHelper';
 $(() => {
@@ -17,4 +19,29 @@
 $('#org-controls .combobox-clear-button').hide();
 $('#other_org_toggle a').hide();
 }
+
+ // If the user has changed their email address display the password
+ // confirmation modal on form submission
+ $('#personal_details_registration_form [type="submit"]').click((e) => {
+ const newEmail = $('#personal_details_registration_form #user_email');
+ if (isObject($('#original_email')) && isObject($(newEmail))) {
+ const original = $('#original_email').val();
+ const email = $(newEmail).val();
+ const pwd = $('#password-confirmation #user_current_password').val();
+
+ // If the user changed the email and has not confirmed their password
+ if (isString(original) && isString(email)) {
+ if ((original.toLowerCase() !== email.toLowerCase()) && !isValidPassword(pwd)) {
+ e.preventDefault();
+ $('#password-confirmation').modal('show');
+ }
+ }
+ }
+ });
+
+ // Devise seems to require both the password and current_password so sync them
+ // when the user enters their password in the modal
+ $('#password-confirmation #user_current_password').change((e) => {
+ $('#password-confirmation #user_password').val($(e.target).val());
+ });
 });
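Review bot: In the `change` handler at the end of the second hunk of edit.js, the confirmed current password is copied into `#user_password`, and in Devise `user[password]` is normally the new password rather than a second copy of the current one. The `password_confirmation` partial and the controller are not visible here, so this is inferred, but if that field posts as `user[password]`, every email change would also re-set the password and may trigger password-change side effects; posting only `current_password` and leaving `password` blank avoids that. Separately, `isObject($('#original_email'))` in the click handler cannot detect a missing element if `isObject` is a plain type check, because a jQuery collection is an object even when it matches nothing; `$('#original_email').length > 0` states the intent.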