diff --git a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc index 40a94f6b6..74eec08d3 100644 --- a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc +++ b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc @@ -6,8 +6,8 @@ When creating a password reset link you need to make sure: - It can only be used once - The link is only valid for a limited amount of time. -Send a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to -block users. The link should not be used more than once which makes it impossible to change the password again. +Sending a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to +block users. The link should not be usable more than once which makes it impossible to change the password again. The time out is necessary to restrict the attack window, having a link opens up a lot of possibilities for the attacker. == Assignment
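Review bot: The two rewritten lines in this hunk still leave a few wording problems, and the unchanged context line right after them has the same kind of issue. "a simple DOS attack to your website" reads better as "a simple DoS attack on your website" (the standard abbreviation is DoS, and one attacks a site, not attacks to it). "The link should not be usable more than once which makes it impossible to change the password again" needs a comma before "which", and the reason it matters would be clearer stated directly, e.g. "The link should not be usable more than once, so that it cannot be replayed to change the password a second time." Finally, the context line "The time out is necessary to restrict the attack window, having a link opens up a lot of possibilities for the attacker." is a comma splice; since this commit is already a copy-editing pass on the same paragraph, consider touching it too: "The timeout is necessary to restrict the attack window: a link that stays valid opens up a lot of possibilities for the attacker."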