diff --git a/common/djangoapps/student/models.py b/common/djangoapps/student/models.py
index dd7d2a2334..7c0726c352 100644
--- a/common/djangoapps/student/models.py
+++ b/common/djangoapps/student/models.py
@@ -453,23 +453,20 @@ class PasswordHistory(models.Model):
         if not settings.FEATURES['ADVANCED_SECURITY']:
             return True
 
-        min_diff_passwords_required = 0
-        if user.is_staff:
-            if cls.is_staff_password_reuse_restricted():
+        if user.is_staff and cls.is_staff_password_reuse_restricted():
                 min_diff_passwords_required = \
                     settings.ADVANCED_SECURITY_CONFIG['MIN_DIFFERENT_STAFF_PASSWORDS_BEFORE_REUSE']
         elif cls.is_student_password_reuse_restricted():
             min_diff_passwords_required = \
                 settings.ADVANCED_SECURITY_CONFIG['MIN_DIFFERENT_STUDENT_PASSWORDS_BEFORE_REUSE']
+        else:
+            min_diff_passwords_required = 0
 
-        history = PasswordHistory.objects.filter(user=user).order_by('-time_set')
-
-        reuse_distance = 0
+        # just limit the result set to the number of different
+        # password we need
+        history = PasswordHistory.objects.filter(user=user).order_by('-time_set')[:min_diff_passwords_required]
 
         for entry in history:
-            # did we reach the minimum amount of intermediate different passwords?
-            if reuse_distance >= min_diff_passwords_required:
-                return True
 
             # be sure to re-use the same salt
             # NOTE, how the salt is serialized in the password field is dependent on the algorithm
@@ -483,12 +480,13 @@ class PasswordHistory(models.Model):
             else:
                 # This means we got something unexpected. We don't want to throw an exception, but
                 # log as an error and basically allow any password reuse
-                AUDIT_LOG.error('Unknown password hashing algorithm "{0}" found in existing password hash, password reuse policy will not be enforced!!!'.format(algorithm))
+                AUDIT_LOG.error('''
+                                Unknown password hashing algorithm "{0}" found in existing password
+                                hash, password reuse policy will not be enforced!!!
+                                '''.format(algorithm))
                 return True
 
-            if entry.password != hashed_password:
-                reuse_distance +=  1
-            else:
+            if entry.password == hashed_password:
                 return False
 
         return True
diff --git a/lms/templates/registration/password_reset_confirm.html b/lms/templates/registration/password_reset_confirm.html
index 0b1b7570e7..ad048d458a 100644
--- a/lms/templates/registration/password_reset_confirm.html
+++ b/lms/templates/registration/password_reset_confirm.html
@@ -86,7 +86,11 @@
           </h3>
         </div>
 
-        <div role="alert" class="status message submission-error" style="display: {% if err_msg %}block{% else %}None{% endif %}">
+        {% if err_msg %}
+        <div role="alert" class="status message submission-error" style="display: block;">
+        {% else %}
+        <div role="alert" class="status message submission-error" style="display: none;">
+        {% endif %}
           <h3 class="message-title">{% trans "The following errors occurred while processing your registration: " %}</h3>
           <ul class="message-copy">
             {% if err_msg %}