diff --git a/nextcloudappstore/user/views.py b/nextcloudappstore/user/views.py
index e6a90c5d7e2..edfd9045a1a 100644
--- a/nextcloudappstore/user/views.py
+++ b/nextcloudappstore/user/views.py
@@ -5,6 +5,7 @@
 
 from allauth.account.models import EmailAddress
 from allauth.account.views import PasswordChangeView
+from allauth.decorators import rate_limit
 from django.contrib import messages
 from django.contrib.auth import logout
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -100,6 +101,7 @@ def post(self, request, *args, **kwargs):
 
 
 @method_decorator(never_cache, name="dispatch")
+@method_decorator(rate_limit(action="reset_password"), name="dispatch")
 class AccountView(LoginRequiredMixin, UpdateView):
     """Display and allow changing of the user's name and subscription."""