diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index 73ea364acd74fd480c2e49b57e68517b7e818d10..cd95b13c13eb03712ff0b8a2f26d6a2492dc4c28 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -23,22 +23,22 @@ class PasswordResetsController < ApplicationController
   before_action :find_user, only: [:edit, :update]
   before_action :check_expiration, only: [:edit, :update]
 
-  # POST /password_resets/new
+  # GET /password_resets/new
   def new
   end
 
   # POST /password_resets
   def create
-    begin
-      # Check if user exists and throw an error if he doesn't
-      @user = User.find_by!(email: params[:password_reset][:email].downcase, provider: @user_domain)
-
-      send_password_reset_email(@user, @user.create_reset_digest)
-      redirect_to root_path
-    rescue
-      # User doesn't exist
-      redirect_to root_path, flash: { success: I18n.t("email_sent", email_type: t("reset_password.subtitle")) }
-    end
+    return redirect_to new_password_reset_path, flash: { alert: I18n.t("reset_password.captcha") } unless valid_captcha
+
+    # Check if user exists and throw an error if he doesn't
+    @user = User.find_by!(email: params[:password_reset][:email].downcase, provider: @user_domain)
+
+    send_password_reset_email(@user, @user.create_reset_digest)
+    redirect_to root_path
+  rescue
+    # User doesn't exist
+    redirect_to root_path, flash: { success: I18n.t("email_sent", email_type: t("reset_password.subtitle")) }
   end
 
   # GET /password_resets/:id/edit
@@ -84,4 +84,10 @@ class PasswordResetsController < ApplicationController
   def disable_password_reset
     redirect_to '/404'
   end
+
+  # Checks that the captcha passed is valid
+  def valid_captcha
+    return true unless Rails.configuration.recaptcha_enabled
+    verify_recaptcha
+  end
 end
diff --git a/app/views/password_resets/new.html.erb b/app/views/password_resets/new.html.erb
index 69a703a8fd08f769d9fd40a5fbf4100c32a42e4b..285d9d34c119068fb4cba54a6ccd4acf02695ce7 100644
--- a/app/views/password_resets/new.html.erb
+++ b/app/views/password_resets/new.html.erb
@@ -25,6 +25,12 @@
             <%= f.label :email, t("forgot_password.email"), class: "form-label" %>
             <%= f.email_field :email, class: "form-control" %>
             <br>
+
+            <% if recaptcha_enabled? %>
+              <div class="form-group">
+                <%= recaptcha_tags %>
+              </div>
+            <% end %>
       
             <%= f.submit t("forgot_password.submit"), class: "btn btn-primary" %>
           <% end %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index bfc1ae18af90e8422249b3c1a0a1ed97ae4a5adc..81bbc13ceb792a4ea23808a566485afd4878d1c0 100755
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -526,6 +526,7 @@ en:
   remove: Remove
   rename: Rename
   reset_password:
+    captcha: reCAPTCHA verification failed, please try again.
     invalid_token: Password reset token is invalid. Please try resetting your password again.
     subtitle: Reset Password
     password: New Password
diff --git a/spec/controllers/password_resets_controller_spec.rb b/spec/controllers/password_resets_controller_spec.rb
index 429b993b7ea7c981de7cbe4b0100ba6c49c81994..e18dc1dbdddd53406e5841aaf0962f529e886ca0 100644
--- a/spec/controllers/password_resets_controller_spec.rb
+++ b/spec/controllers/password_resets_controller_spec.rb
@@ -71,6 +71,43 @@ describe PasswordResetsController, type: :controller do
         expect(response).to redirect_to("/404")
       end
     end
+
+    context "reCAPTCHA enabled" do
+      before do
+        allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
+        allow(Rails.configuration).to receive(:recaptcha_enabled).and_return(true)
+      end
+
+      it "sends a reset email if the recaptcha was passed" do
+        allow(controller).to receive(:valid_captcha).and_return(true)
+
+        user = create(:user, provider: "greenlight")
+
+        params = {
+          password_reset: {
+            email: user.email,
+          },
+        }
+
+        expect { post :create, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
+      end
+
+      it "doesn't send an email if the recaptcha was failed" do
+        allow(controller).to receive(:valid_captcha).and_return(false)
+
+        user = create(:user)
+
+        params = {
+          password_reset: {
+            email: user.email,
+          },
+        }
+
+        post :create, params: params
+        expect(response).to redirect_to(new_password_reset_path)
+        expect(flash[:alert]).to be_present
+      end
+    end
   end
 
   describe "PATCH #update" do