diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 0b47a55941..10b0dfc113 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1006,18 +1006,6 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
 #   algorithm: "HS256"
 
 
-# Allow users to reset their password
-#
-# Resetting a user's password is done either by sending a token from
-# Synapse, or asking an identity server to do so. In Synapse v1.0,
-# sending a password reset token from an identity server was turned off
-# by default for security reasons.
-#
-# If enable_password_reset_from_is is False, you must fill out the
-# "email" section of the config before enabling password resets
-#
-#enable_password_resets: False
-
 password_config:
    # Uncomment to disable password login
    #
@@ -1031,7 +1019,7 @@ password_config:
 
 
 # Enable sending emails for password resets, notification events or
-# account expiry notices
+# account expiry notices.
 #
 # If your SMTP server requires authentication, the optional smtp_user &
 # smtp_pass variables should be used
diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py
index 73479587df..06f230781b 100644
--- a/synapse/config/emailconfig.py
+++ b/synapse/config/emailconfig.py
@@ -77,6 +77,14 @@ class EmailConfig(Config):
         self.email_enable_password_reset_from_is = email_config.get(
             "enable_password_reset_from_is", False,
         )
+        self.enable_password_resets = (
+            self.email_enable_password_reset_from_is
+            or (not self.email_enable_password_reset_from_is and email_config != {})
+        )
+        if email_config == {} and not self.email_enable_password_reset_from_is:
+            logger.warn(
+                "User password resets have been disabled due to lack of email config."
+            )
 
         self.email_validation_token_lifetime = email_config.get(
             "validation_token_lifetime", 15 * 60,
@@ -206,7 +214,7 @@ class EmailConfig(Config):
     def default_config(self, config_dir_path, server_name, **kwargs):
         return """
         # Enable sending emails for password resets, notification events or
-        # account expiry notices
+        # account expiry notices.
         #
         # If your SMTP server requires authentication, the optional smtp_user &
         # smtp_pass variables should be used
diff --git a/synapse/config/password.py b/synapse/config/password.py
index db8dc31bc9..eea59e772b 100644
--- a/synapse/config/password.py
+++ b/synapse/config/password.py
@@ -21,8 +21,6 @@ class PasswordConfig(Config):
     """
 
     def read_config(self, config):
-        self.enable_password_resets = config.get("enable_password_resets", False)
-
         password_config = config.get("password_config", {})
         if password_config is None:
             password_config = {}
@@ -32,18 +30,6 @@ class PasswordConfig(Config):
 
     def default_config(self, config_dir_path, server_name, **kwargs):
         return """\
-        # Allow users to reset their password
-        #
-        # Resetting a user's password is done either by sending a token from
-        # Synapse, or asking an identity server to do so. In Synapse v1.0,
-        # sending a password reset token from an identity server was turned off
-        # by default for security reasons.
-        #
-        # If enable_password_reset_from_is is False, you must fill out the
-        # "email" section of the config before enabling password resets
-        #
-        #enable_password_resets: False
-
         password_config:
            # Uncomment to disable password login
            #