diff --git a/src/Umbraco.Infrastructure/Persistence/Dtos/AccessDto.cs b/src/Umbraco.Infrastructure/Persistence/Dtos/AccessDto.cs
index 354083dfa8..0821232826 100644
--- a/src/Umbraco.Infrastructure/Persistence/Dtos/AccessDto.cs
+++ b/src/Umbraco.Infrastructure/Persistence/Dtos/AccessDto.cs
@@ -37,5 +37,5 @@ internal class AccessDto
 
     [ResultColumn]
     [Reference(ReferenceType.Many, ReferenceMemberName = "AccessId")]
-    public List<AccessRuleDto> Rules { get; set; } = null!;
+    public List<AccessRuleDto> Rules { get; set; } = new();
 }
diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
index beb8787c79..19cc4ae70f 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -404,6 +404,9 @@ public class AuthenticationController : UmbracoApiControllerBase
         }
 
         BackOfficeIdentityUser? identityUser = await _userManager.FindByEmailAsync(model.Email);
+
+        await Task.Delay(RandomNumberGenerator.GetInt32(400, 2500)); // To randomize response time preventing user enumeration
+
         if (identityUser != null)
         {
             IUser? user = _userService.GetByEmail(model.Email);
@@ -424,14 +427,20 @@ public class AuthenticationController : UmbracoApiControllerBase
 
                 var mailMessage = new EmailMessage(from, user.Email, subject, message, true);
 
-                await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.PasswordReset, true);
+                try
+                {
+                    await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.PasswordReset, true);
+                }
+                catch (Exception ex)
+                {
+                    _logger.LogError(ex, "Error sending email, please check your SMTP configuration: {ErrorMessage}", ex.Message);
+                    return Ok();
+                }
 
                 _userManager.NotifyForgotPasswordRequested(User, user.Id.ToString());
             }
         }
 
-        await Task.Delay(RandomNumberGenerator.GetInt32(400, 2500));
-
         return Ok();
     }
 
diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
index e09718176c..7b0a10cf31 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
@@ -28,7 +28,7 @@ function authResource($q, $http, umbRequestHelper, angularHelper) {
      *    });
      * </pre>
      * @returns {Promise} resourcePromise object
-     * 
+     *
      */
     get2FAProviders: function () {
 
@@ -203,7 +203,7 @@ function authResource($q, $http, umbRequestHelper, angularHelper) {
             "PostRequestPasswordReset"), {
             email: email
           }),
-        'Request password reset failed for email ' + email);
+        'An email with password reset instructions will be sent to the specified address if it matched our records');
     },
 
     /**
diff --git a/src/Umbraco.Web.UI.Client/src/views/components/application/umb-login.html b/src/Umbraco.Web.UI.Client/src/views/components/application/umb-login.html
index 4a9dc85865..69dc038cb8 100644
--- a/src/Umbraco.Web.UI.Client/src/views/components/application/umb-login.html
+++ b/src/Umbraco.Web.UI.Client/src/views/components/application/umb-login.html
@@ -158,7 +158,7 @@
                         </div>
 
                         <div ng-messages="vm.requestPasswordResetForm.$error" class="control-group" ng-show="vm.requestPasswordResetForm.$invalid">
-                            <p ng-message="auth" class="text-error" role="alert" tabindex="0">{{vm.errorMsg}}</p>
+                            <p ng-message="auth" class="text-info" role="alert" tabindex="0">{{vm.errorMsg}}</p>
                         </div>
 
                         <div class="control-group" ng-show="vm.showEmailResetConfirmation">