diff --git a/app/controllers/users/unlocks_controller.rb b/app/controllers/users/unlocks_controller.rb
new file mode 100644
index 0000000..6bcbe05
--- /dev/null
+++ b/app/controllers/users/unlocks_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Users::UnlocksController < Devise::UnlocksController
+  skip_after_action :verify_authorized
+  skip_after_action :verify_policy_scoped
+
+  # GET /resource/unlock/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/unlock
+  # def create
+  #   super
+  # end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after sending unlock password instructions
+  # def after_sending_unlock_instructions_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after unlocking the resource
+  # def after_unlock_path_for(resource)
+  #   super(resource)
+  # end
+end
diff --git a/app/views/users/unlocks/new.html.erb b/app/views/users/unlocks/new.html.erb
new file mode 100644
index 0000000..6e9bb63
--- /dev/null
+++ b/app/views/users/unlocks/new.html.erb
@@ -0,0 +1,21 @@
+<div class="container">
+  <h2><%= translate '.resend_unlock_instructions' %></h2>
+
+  <%= simple_form_for resource, as: resource_name, url: unlock_path(resource_name) do |f| %>
+    <%= f.error_notification %>
+    <%= f.full_error :unlock_token %>
+
+    <div class="form-inputs">
+      <%= f.input :email,
+                  required: true,
+                  autofocus: true,
+                  input_html: { autocomplete: 'email' } %>
+    </div>
+
+    <div class="form-actions">
+      <%= f.button :submit, translate('.resend_unlock_instructions') %>
+    </div>
+  <% end %>
+
+  <%= render 'users/shared/links' %>
+</div>
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 8134223..deb3746 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -193,7 +193,7 @@ Devise.setup do |config|
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
   # :both  = Enables both strategies
   # :none  = No unlock strategy. You should handle unlocking by yourself.
-  config.unlock_strategy = :time
+  config.unlock_strategy = :both
 
   # Number of authentication tries before locking an account if lock_strategy
   # is failed attempts.
diff --git a/config/routes.rb b/config/routes.rb
index 09100d4..9d56134 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -26,6 +26,7 @@ Rails.application.routes.draw do
     registrations: 'users/registrations',
     confirmations: 'users/confirmations',
     passwords:     'users/passwords',
+    unlocks:       'users/unlocks',
   }
 
   resources :membership_applications, only: %i[new create]