diff --git a/services/sync/locales/en-US/fx-prefs.dtd b/services/sync/locales/en-US/fx-prefs.dtd
index 9405945be317..8be31f156147 100644
--- a/services/sync/locales/en-US/fx-prefs.dtd
+++ b/services/sync/locales/en-US/fx-prefs.dtd
@@ -53,7 +53,7 @@
 <!ENTITY passphraseDesc.label         "Please enter a secret phrase. This will be used to encrypt all your data so only you can access it. It is never stored on the server, so don't lose this!">
 <!ENTITY passphraseDesc2.label        "This must be at least 12 characters long and cannot match your account password.">
 <!ENTITY passphraseDesc3.label        "Please enter your secret phrase. This must be the same secret phrase that you used to encrypt your data.">
-<!ENTITY passphraseHelp.label         "Your secret phrase is at least 12 characters long and is not your password. You can find your saved secret phrase by going to your other computer and checking the Saved Passwords under Security. If you still cannot get the correct secret phrase, you can choose to reset it, but you will need to enter this new secret phrase on your other computer.">
+<!ENTITY passphraseHelp.label         "Your secret phrase is at least 12 characters long and is not your password. You can find your saved secret phrase by going to your other computer and checking the Saved Passwords under Security. If you still cannot get the correct secret phrase, you can choose to reset it, but you will lose any data stored on the server.">
 <!ENTITY connecting.label             "Connecting…">
 <!ENTITY verifying.label              "Verifying…">
 
@@ -87,7 +87,6 @@
 <!ENTITY changePassword.label         "Change Password">
 <!ENTITY recoverPassword.label        "Recover Password">
 <!ENTITY changePassphrase.label       "Change Secret Phrase">
-<!ENTITY resetPassphrase.label        "Reset Secret Phrase">
 <!ENTITY resetSync.label              "Reset Sync">
 <!ENTITY differentAccount.label       "Use a Different Account">
 <!ENTITY startOver.label              "Start Over">
diff --git a/services/sync/locales/en-US/generic-change.properties b/services/sync/locales/en-US/generic-change.properties
index e97277727a77..26eb6a319260 100644
--- a/services/sync/locales/en-US/generic-change.properties
+++ b/services/sync/locales/en-US/generic-change.properties
@@ -1,33 +1,29 @@
-noPassword.alert = You must enter a password.
-noPassphrase.alert = You must enter a passphrase.
-passwordNoMatch.alert = Your passwords do not match. Try again!
-passphraseNoMatch.alert = Your passphrases do not match. Try again!
-
-incorrectPassword.alert = Your current password is incorrect!
-incorrectPassphrase.alert = Your current passphrase is incorrect!
-
 change.password.title = Change your Password
+change.password.acceptButton = Change Password
 change.password.status.active = Changing your password…
 change.password.status.success = Your password has been changed.
 change.password.status.error = There was an error changing your password.
-change.password.status.passwordSameAsPassphrase = The password cannot be the same as the passphrase.
-change.password.status.passwordSameAsUsername = The password cannot be the same as the username.
-change.password.status.passwordsDoNotMatch = The passwords you entered do not match.
-change.password.status.badOldPassword = Your current password is incorrect.
+change.password.status.pwSameAsPassphrase = The password cannot be the same as your secret phrase.
+change.password.status.pwSameAsUsername = The password cannot be the same as the username.
 
-change.passphrase.title = Change your Passphrase
-change.passphrase.label = Changing passphrase, please wait…
-change.passphrase.error = There was an error while changing your passphrase!
-change.passphrase.success = Your passphrase was successfully changed!
+change.password.introText = Your password must be at least 12 characters long.  It cannot be the same as either your user name or your secret phrase.
+change.password.warningText = Note: All of your other devices will be unable to connect to your account once you change this password.
 
-reset.passphrase.title = Reset your Passphrase
-reset.passphrase.label = Resetting passphrase, please wait…
-reset.passphrase.error = There was an error while resetting your passphrase!
-reset.passphrase.success = Your passphrase was successfully reset!
 
-new.passphrase.old = Enter your current passphrase
-new.passphrase.label = Enter your new passphrase
-new.passphrase.confirm = Confirm your new passphrase
-new.password.old = Enter your current password
+change.passphrase.title = Change your Secret Phrase
+change.passphrase.acceptButton = Change Secret Phrase
+change.passphrase.label = Changing secret phrase and uploading local data, please wait…
+change.passphrase.error = There was an error while changing your secret phrase!
+change.passphrase.success = Your secret phrase was successfully changed!
+change.passphrase.status.ppSameAsPassword = The secret phrase cannot be the same as your password.
+change.passphrase.status.ppSameAsUsername = The secret phrase cannot be the same as the username.
+
+new.passphrase.label = New secret phrase
+new.passphrase.confirm = Confirm secret phrase
+
+change.passphrase.introText = Your secret phrase must be at least 12 characters long.  Weave uses this phrase as part of encrypting your data.
+change.passphrase.introText2 = You may wish to write this down, as this is never sent over the Internet and is not backed up or synced by Weave for your security.
+change.passphrase.warningText = Note: This will erase all data stored on the Weave server and upload new data secured by this phrase. Your other devices will not sync until the secret phrase is entered for that device.
+
 new.password.label = Enter your new password
 new.password.confirm = Confirm your new password
diff --git a/services/sync/locales/en-US/sync.properties b/services/sync/locales/en-US/sync.properties
index 5836d0e378f9..4e1675a10215 100644
--- a/services/sync/locales/en-US/sync.properties
+++ b/services/sync/locales/en-US/sync.properties
@@ -24,10 +24,12 @@ remote.opened.label = All remote tabs are already open
 remote.notification.label = Recent desktop tabs will be available once they sync
 
 error.login.title = Error While Signing In
-error.login.description = Weave encountered an error while signing you in: %1$S.  Please try again.
+error.login.description = Weave encountered an error while connecting: %1$S.  Please try again.
+error.login.prefs.label = Preferences…
+error.login.prefs.accesskey = P
 # should decide if we're going to show this
 error.logout.title = Error While Signing Out
-error.logout.description = Weave encountered an error while signing you out.  It's probably ok, and you don't have to do anything about it.
+error.logout.description = Weave encountered an error while connecting.  It's probably ok, and you don't have to do anything about it.
 error.sync.title = Error While Syncing
 error.sync.description = Weave encountered an error while syncing: %1$S.  Weave will automatically retry this action.
 error.sync.no_node_found = The Weave server is a little busy right now, but you don't need to do anything about it.  We'll start syncing your data as soon as we can!
diff --git a/services/sync/modules/constants.js b/services/sync/modules/constants.js
index d3bae0dd072f..885a6ecb1b4f 100644
--- a/services/sync/modules/constants.js
+++ b/services/sync/modules/constants.js
@@ -107,6 +107,7 @@ KEYS_DOWNLOAD_FAIL:                    "error.sync.reason.keys_download_fail",
 NO_KEYS_NO_KEYGEN:                     "error.sync.reason.no_keys_no_keygen",
 KEYS_UPLOAD_FAIL:                      "error.sync.reason.keys_upload_fail",
 SETUP_FAILED_NO_PASSPHRASE:            "error.sync.reason.setup_failed_no_passphrase",
+CREDENTIALS_CHANGED:                   "error.sync.reason.credentials_changed",
 ABORT_SYNC_COMMAND:                    "aborting sync, process commands said so",
 NO_SYNC_NODE_FOUND:                    "error.sync.reason.no_node_found",
 
@@ -128,9 +129,7 @@ FIREFOX_ID:                            "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
 FENNEC_ID:                             "{a23983c0-fd0e-11dc-95ff-0800200c9a66}",
 SEAMONKEY_ID:                          "{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}",
 
-// UI constants
-
-// How many data types (bookmarks, history, etc) to display per row
-UI_DATA_TYPES_PER_ROW:                 3,
+MIN_PP_LENGTH:                         12,
+MIN_PASS_LENGTH:                       8
 
 }))];
diff --git a/services/sync/modules/service.js b/services/sync/modules/service.js
index 48046a0bca46..8c44b5b44a36 100644
--- a/services/sync/modules/service.js
+++ b/services/sync/modules/service.js
@@ -387,6 +387,10 @@ WeaveSvc.prototype = {
         break;
       case "weave:service:sync:error":
         this._handleSyncError();
+        if (Status.sync == CREDENTIALS_CHANGED) {
+          this.logout();
+          Utils.delay(function() this.login(), 0, this);
+        }
         break;
       case "weave:service:sync:finish":
         this._scheduleNextSync();
@@ -557,29 +561,6 @@ WeaveSvc.prototype = {
       }
     }))(),
 
-  changePassphrase: function WeaveSvc_changePassphrase(newphrase)
-    this._catch(this._notify("changepph", "", function() {
-      let pubkey = PubKeys.getDefaultKey();
-      let privkey = PrivKeys.get(pubkey.privateKeyUri);
-
-      /* Re-encrypt with new passphrase.
-       * FIXME: verifyPassphrase first!
-       */
-      let newkey = Svc.Crypto.rewrapPrivateKey(privkey.payload.keyData,
-          this.passphrase, privkey.payload.salt,
-          privkey.payload.iv, newphrase);
-      privkey.payload.keyData = newkey;
-
-      let resp = new Resource(privkey.uri).put(privkey);
-      if (!resp.success)
-        throw resp;
-
-      // Save the new passphrase to the login manager for it to sync
-      this.passphrase = newphrase;
-      this.persistLogin();
-      return true;
-    }))(),
-
   changePassword: function WeaveSvc_changePassword(newpass)
     this._notify("changepwd", "", function() {
       let url = this.userAPI + this.username + "/password";
@@ -602,28 +583,20 @@ WeaveSvc.prototype = {
       return true;
     })(),
 
-  resetPassphrase: function WeaveSvc_resetPassphrase(newphrase)
-    this._catch(this._notify("resetpph", "", function() {
-      /* Make remote commands ready so we have a list of clients beforehand */
-      this.prepCommand("logout", []);
-      let clientsBackup = Clients._store.clients;
-
+  changePassphrase: function WeaveSvc_changePassphrase(newphrase)
+    this._catch(this._notify("changepph", "", function() {
       /* Wipe */
       this.wipeServer();
       PubKeys.clearCache();
       PrivKeys.clearCache();
 
-      /* Set remote commands before syncing */
-      Clients._store.clients = clientsBackup;
-      let username = this.username;
-      let password = this.password;
       this.logout();
 
       /* Set this so UI is updated on next run */
       this.passphrase = newphrase;
 
       /* Login in sync: this also generates new keys */
-      this.login(username, password, newphrase);
+      this.login();
       this.sync(true);
       return true;
     }))(),
@@ -892,6 +865,13 @@ WeaveSvc.prototype = {
       // XXX Bug 531005 Wait long enough to allow potentially another concurrent
       // sync to finish generating the keypair and uploading them
       Sync.sleep(15000);
+      
+      // bug 545725 - re-verify creds and fail sanely
+      if (!this._verifyLogin()) {
+        Status.sync = CREDENTIALS_CHANGED;
+        this._log.info("Credentials have changed, aborting sync and forcing re-login.");
+        return false;
+      }
     }
 
     let needKeys = true;