diff --git a/README.md b/README.md index b0c857e..fb7c87b 100644 --- a/README.md +++ b/README.md @@ -705,13 +705,21 @@ You may provide security-conscious (and experienced) users with the possibility ```php try { - $auth->setPasswordResetEnabled($_POST['enabled'] == 1); + if ($auth->reconfirmPassword($_POST['password'])) { + $auth->setPasswordResetEnabled($_POST['enabled'] == 1); - // the settings have been changed + // the settings have been changed + } + else { + // we can't say if the user is who they claim to be + } } catch (\Delight\Auth\NotLoggedInException $e) { // the user is not signed in } +catch (\Delight\Auth\TooManyRequestsException $e) { + // too many requests +} ``` In order to check the current value of this setting, use the return value from
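Review bot: The added `else` branch under `if ($auth->reconfirmPassword($_POST['password']))` only carries the comment `// we can't say if the user is who they claim to be`, which leaves a reader copying this example without guidance on what to do there. Suggest wording it so it is explicit that the setting was left unchanged and that the user should be asked for their password again. The same applies to the new `catch (\Delight\Auth\TooManyRequestsException $e)` block, whose comment could say that the change was not applied and should be retried later. Separately, `$_POST['password']` and `$_POST['enabled']` are read without checking that the fields were submitted; since the example now gates a security setting on the password field, it would be worth showing a presence check before the call or noting in the README text that both fields are required. The README text around the example should also say why the password is reconfirmed before this setting can be changed, since the code block now depends on a form field the old example did not need.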