diff --git a/handlers.go b/handlers.go
index 7234a88..57fa72a 100644
--- a/handlers.go
+++ b/handlers.go
@@ -17,6 +17,11 @@ import (
 	"github.com/thermokarst/jwt"
 )
 
+var (
+	config *jwt.Config
+	j *jwt.Middleware
+)
+
 type Claims struct {
 	Name string
 	Iss string
@@ -59,13 +64,14 @@ func Handler() http.Handler {
 		return nil
 	}
 
-	config := &jwt.Config{
+	config = &jwt.Config{
 		Secret: os.Getenv("SECRET"),
 		Auth: dbAuthenticate,
 		Claims: claimsFunc,
 	}
 
-	j, err := jwt.New(config)
+	var err error
+	j, err = jwt.New(config)
 	if err != nil {
 		panic(err)
 	}
@@ -77,13 +83,14 @@ func Handler() http.Handler {
 	characteristicService := CharacteristicService{}
 	measurementService := MeasurementService{}
 
-	m.Handle("/authenticate", tokenHandler(j.GenerateToken())).Methods("POST")
+	m.Handle("/authenticate", tokenHandler(j.Authenticate())).Methods("POST")
 
 	// Everything past here is lumped under a genus
 	s := m.PathPrefix("/{genus}").Subrouter()
 
 	s.Handle("/users", errorHandler(handleCreater(userService))).Methods("POST")
 	s.Handle("/users/verify/{Nonce}", errorHandler(handleUserVerify)).Methods("GET")
+	s.Handle("/users/lockout", errorHandler(handleUserLockout)).Methods("POST")
 
 	type r struct {
 		f errorHandler
diff --git a/users.go b/users.go
index b59dc4c..3cfa70e 100644
--- a/users.go
+++ b/users.go
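Review bot: The new package-level `config` and `j` carry no doc comment, and because both are only assigned inside Handler(), a reader of users.go (where `j.CreateToken` is now called) cannot tell when they become usable. Suggest `// j is the JWT middleware built by Handler(); request handlers must not touch it before Handler() has run.` above the var block, with a matching line for `config`. Since `config` now keeps the secret read from the SECRET environment variable in package state, it should stay unexported as it is and gain no accessor.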
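Review bot: The new `/users/lockout` route is wired with only errorHandler, so it is reachable without authentication and each POST can make handleUserLockout send an email to whatever address the caller supplies; some throttling (per source address and per requested email) in front of this route would keep it from being usable as a mail relay. That is expected for a reset flow, but the `Methods("POST")` registration alone does nothing to bound request volume, and nothing in this hunk records the decision. The `/authenticate` line only follows the jwt package's renamed method and needs no further change; Handler() starts and ends outside this hunk.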
@@ -304,3 +304,45 @@ func handleUserVerify(w http.ResponseWriter, r *http.Request) *appError {
 	fmt.Fprintln(w, `{"msg":"All set! Please log in."}`)
 	return nil
 }
+
+func handleUserLockout(w http.ResponseWriter, r *http.Request) *appError {
+	email := r.FormValue("email")
+	if email == "" {
+		return newJSONError(errors.New("missing email"), http.StatusInternalServerError)
+	}
+	token, err := j.CreateToken(email)
+	if err != nil {
+		return newJSONError(err, http.StatusInternalServerError)
+	}
+	origin := r.Header.Get("Origin")
+	hostUrl, err := url.Parse(origin)
+	if err != nil {
+		return newJSONError(err, http.StatusInternalServerError)
+	}
+	hostUrl.Path += "/users/lockoutauthenticate"
+	params := url.Values{}
+	params.Add("token", token)
+	hostUrl.RawQuery = params.Encode()
+
+	// Send out email
+	mg, ok := mgAccts[origin]
+	if ok {
+		sender := fmt.Sprintf("%s Admin ", mg.Domain(), mg.Domain())
+		recipient := fmt.Sprintf("%s", email)
+		subject := fmt.Sprintf("Password Reset Request - %s", mg.Domain())
+		message := fmt.Sprintf("You are receiving this message because this email "+ "address was used in an account lockout request at %s. Please visit "+ "this URL to complete the process: %s. If you did not request help "+ "with a lockout, please disregard this message.", mg.Domain(), hostUrl.String())
+		m := mailgun.NewMessage(sender, subject, message, recipient)
+		_, _, err := mg.Send(m)
+		if err != nil {
+			log.Printf("%+v\n", err)
+			return newJSONError(err, http.StatusInternalServerError)
+		}
+	}
+
+	fmt.Fprintln(w, `{}`)
+	return nil
+}
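Review bot: The sender line `fmt.Sprintf("%s Admin ", mg.Domain(), mg.Domain())` has one verb but two arguments, so the From header will carry a `%!(EXTRA string=…)` suffix (go vet flags this); presumably an angle-bracketed mailbox for the second argument was intended, e.g. `sender := fmt.Sprintf("%s Admin <admin@%s>", mg.Domain(), mg.Domain())`. The host of the emailed reset link is taken from the client-supplied Origin header, and the `mgAccts[origin]` lookup is the only thing that keeps a caller-chosen host out of the link, so that invariant deserves a comment such as `// Send only when Origin is a configured mail account; this also pins the link host to a known domain.` next to the lookup. A missing email is a client error and should return http.StatusBadRequest rather than 500, and passing the raw url.Parse and mg.Send errors to newJSONError may expose internal details to the caller; logging them and returning a generic message would be safer. If j.CreateToken issues the same bearer token that /authenticate hands out, the emailed link grants a full session, so a short-lived, single-purpose token for the lockout flow would limit the impact of a leaked mailbox — this cannot be confirmed from the hunk. `recipient := fmt.Sprintf("%s", email)` is simply `email`, and `hostUrl` should be spelled `hostURL`.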