diff --git a/app/controllers/catchall_controller.rb b/app/controllers/catchall_controller.rb
index 9a40bddff..cb440df1d 100644
--- a/app/controllers/catchall_controller.rb
+++ b/app/controllers/catchall_controller.rb
@@ -1,5 +1,7 @@
 class CatchallController < ApplicationController
   def not_implemented
+    return head :not_found if Rails.env.development?
+
     interactor.call do |error|
       return redirect_to error.location, status: error.status if error.redirect?
     end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 74f657d80..794c94c05 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -72,6 +72,9 @@
   # Does not affect registerable.
   # config.paranoid = true
 
+  # force accounts to signin again after changing password
+  config.sign_in_after_change_password = false
+
   # By default Devise will store the user in session. You can skip storage for
   # particular strategies by setting this option.
   # Notice that if you are skipping storage for all authentication paths, you
diff --git a/features/settings.feature b/features/settings.feature
index f660b5520..25d090b24 100644
--- a/features/settings.feature
+++ b/features/settings.feature
@@ -17,9 +17,11 @@ Feature: Settings
 
   Scenario: Updating password
     Given I am signed in
+    And   I sign in elsewhere
     And   I am on the settings page
     And   I update password to "new password"
-    Then  I should see a successful update notification
+    And   I will be logged out
+    And   I will be logged out elsewhere
 
   Scenario: Updating post code
     Given I am signed in
diff --git a/features/step_definitions/settings_steps.rb b/features/step_definitions/settings_steps.rb
index 256927e2f..895c2f671 100644
--- a/features/step_definitions/settings_steps.rb
+++ b/features/step_definitions/settings_steps.rb
@@ -34,3 +34,14 @@
 Then(/^I see my settings page$/) do
   expect(settings_page).to be_displayed
 end
+
+Then('I will be logged out') do
+  expect(sign_in_page).to be_displayed
+end
+
+Then('I will be logged out elsewhere') do
+  Capybara.using_session(:other_session) do
+    step 'I try to view the settings page'
+    step 'I will be logged out'
+  end
+end