diff --git a/src/js/_enqueues/admin/user-profile.js b/src/js/_enqueues/admin/user-profile.js
index ec76df9c7f..862f6e123f 100644
--- a/src/js/_enqueues/admin/user-profile.js
+++ b/src/js/_enqueues/admin/user-profile.js
@@ -5,7 +5,6 @@
 /* global ajaxurl, pwsL10n, userProfileL10n */
 (function($) {
 	var updateLock = false,
-
 		$pass1Row,
 		$pass1Wrap,
 		$pass1,
@@ -17,27 +16,30 @@
 		$toggleButton,
 		$submitButtons,
 		$submitButton,
-		currentPass;
+		currentPass,
+		$passwordWrapper;
 
 	function generatePassword() {
 		if ( typeof zxcvbn !== 'function' ) {
 			setTimeout( generatePassword, 50 );
 			return;
-		} else if ( ! $pass1.val() ) {
+		} else if ( ! $pass1.val() || $passwordWrapper.hasClass( 'is-open' ) ) {
 			// zxcvbn loaded before user entered password.
 			$pass1.val( $pass1.data( 'pw' ) );
 			$pass1.trigger( 'pwupdate' );
 			showOrHideWeakPasswordCheckbox();
-		}
-		else {
+		} else {
 			// zxcvbn loaded after the user entered password, check strength.
 			check_pass_strength();
 			showOrHideWeakPasswordCheckbox();
 		}
 
+		// Install screen.
 		if ( 1 !== parseInt( $toggleButton.data( 'start-masked' ), 10 ) ) {
+			// Show the password not masked if admin_password hasn't been posted yet.
 			$pass1Wrap.addClass( 'show-password' );
 		} else {
+			// Otherwise, mask the password.
 			$toggleButton.trigger( 'click' );
 		}
 
@@ -101,8 +103,6 @@
 				.removeClass( 'dashicons-visibility' )
 				.addClass( 'dashicons-hidden' );
 
-		$pass1Text.focus();
-
 		$pass1Label.attr( 'for', 'pass1-text' );
 	}
 
@@ -113,10 +113,6 @@
 				$pass1Wrap.addClass( 'show-password' );
 
 				resetToggle();
-
-				if ( ! _.isUndefined( $pass1Text[0].setSelectionRange ) ) {
-					$pass1Text[0].setSelectionRange( 0, 100 );
-				}
 			} else {
 				$pass1Wrap.removeClass( 'show-password' );
 				$toggleButton
@@ -131,26 +127,19 @@
 						.removeClass('dashicons-hidden')
 						.addClass('dashicons-visibility');
 
-				$pass1.focus();
-
 				$pass1Label.attr( 'for', 'pass1' );
-
-				if ( ! _.isUndefined( $pass1[0].setSelectionRange ) ) {
-					$pass1[0].setSelectionRange( 0, 100 );
-				}
 			}
 		});
 	}
 
 	function bindPasswordForm() {
-		var $passwordWrapper,
-			$generateButton,
+		var $generateButton,
 			$cancelButton;
 
 		$pass1Row = $('.user-pass1-wrap');
-		$pass1Label = $pass1Row.find('th label').attr( 'for', 'pass1-text' );
+		$pass1Label = $pass1Row.find( '.user-pass1-label' ).attr( 'for', 'pass1-text' );
 
-		// hide this
+		// Hide the Repeat Password field.
 		$('.user-pass2-wrap').hide();
 
 		$submitButton = $( '#submit, #wp-submit' ).on( 'click', function () {
@@ -170,7 +159,7 @@
 			bindPass1();
 		}
 
-		/**
+		/*
 		 * Fix a LastPass mismatch issue, LastPass only changes pass2.
 		 *
 		 * This fixes the issue by copying any changes from the hidden
@@ -197,66 +186,37 @@
 
 		bindToggleButton();
 
-		if ( $generateButton.length ) {
-			$passwordWrapper.hide();
-		}
-
-		$generateButton.show();
 		$generateButton.on( 'click', function () {
 			updateLock = true;
 
-			$generateButton.hide();
-			$passwordWrapper.show();
+			$generateButton.attr( 'aria-expanded', 'true' );
+
+			$passwordWrapper
+				.show()
+				.addClass( 'is-open' );
 
 			// Enable the inputs when showing.
 			$pass1.attr( 'disabled', false );
 			$pass2.attr( 'disabled', false );
 			$pass1Text.attr( 'disabled', false );
 
-			if ( $pass1Text.val().length === 0 ) {
-				generatePassword();
-			}
-
-			_.defer( function() {
-				$pass1Text.focus();
-				if ( ! _.isUndefined( $pass1Text[0].setSelectionRange ) ) {
-					$pass1Text[0].setSelectionRange( 0, 100 );
-				}
-			}, 0 );
-		} );
-
-		$cancelButton = $pass1Row.find( 'button.wp-cancel-pw' );
-		$cancelButton.on( 'click', function () {
-			updateLock = false;
-
-			// Clear any entered password.
-			$pass1Text.val( '' );
-
+			// Always generate a password when clicking the button.
 			// Generate a new password.
 			wp.ajax.post( 'generate-password' )
 				.done( function( data ) {
 					$pass1.data( 'pw', data );
+					generatePassword();
+					resetToggle();
 				} );
+		} );
 
-			$generateButton.show();
-			$passwordWrapper.hide();
-
-			$weakRow.hide( 0, function () {
-				$weakCheckbox.removeProp( 'checked' );
-			} );
-
-			// Disable the inputs when hiding to prevent autofill and submission.
-			$pass1.prop( 'disabled', true );
-			$pass2.prop( 'disabled', true );
-			$pass1Text.prop( 'disabled', true );
-
-			resetToggle();
+		$cancelButton = $pass1Row.find( 'button.wp-cancel-pw' );
+		$cancelButton.on( 'click', function () {
+			updateLock = false;
 
-			if ( $pass1Row.closest( 'form' ).is( '#your-profile' ) ) {
-				// Clear password field to prevent update
-				$pass1.val( '' ).trigger( 'pwupdate' );
-				$submitButtons.prop( 'disabled', false );
-			}
+			// Clear password field to prevent update.
+			$pass1Text.val( '' );
+			$pass1.val( '' ).trigger( 'pwupdate' );
 		} );
 
 		$pass1Row.closest( 'form' ).on( 'submit', function () {
@@ -365,8 +325,9 @@
 				});
 			});
 
-			/**
-			 * Replaces "Howdy, *" in the admin toolbar whenever the display name dropdown is updated for one's own profile.
+			/*
+			 * Replaces "Howdy, *" in the admin toolbar whenever the display name
+			 * dropdown is updated for one's own profile.
 			 */
 			select.on( 'change', function() {
 				if ( user_id !== current_user_id ) {
@@ -452,7 +413,7 @@
 
 	window.generatePassword = generatePassword;
 
-	/* Warn the user if password was generated but not saved */
+	// Warn the user if password was generated but not saved.
 	$( window ).on( 'beforeunload', function () {
 		if ( true === updateLock ) {
 			return userProfileL10n.warn;
diff --git a/src/wp-admin/css/forms.css b/src/wp-admin/css/forms.css
index 3013434604..74fdd57c89 100644
--- a/src/wp-admin/css/forms.css
+++ b/src/wp-admin/css/forms.css
@@ -455,6 +455,10 @@ fieldset label,
 	vertical-align: baseline;
 }
 
+.wp-generate-pw + .wp-pwd {
+	margin-top: 1em;
+}
+
 #pass-strength-result {
 	background-color: #eee;
 	border: 1px solid #ddd;
diff --git a/src/wp-admin/css/login.css b/src/wp-admin/css/login.css
index 686be7dde9..ff6f47cf07 100644
--- a/src/wp-admin/css/login.css
+++ b/src/wp-admin/css/login.css
@@ -79,22 +79,32 @@ p {
 }
 
 .login .password-input-wrapper {
-    display: table;
+	display: table;
 }
 
 .login .input.password-input {
-    display: table-cell;
-    margin: 0;
+	display: table-cell;
+	margin: 0;
 }
 
 .login .pw-weak {
-    margin-bottom: 15px;
+	margin-bottom: 15px;
+}
+
+.login .wp-hide-pw-wrapper {
+	display: table-cell;
+	vertical-align: top;
 }
 
 .login .button.button-secondary {
-    display: table-cell;
-    border-radius: 0;
-    vertical-align: middle;
+	height: 36px;
+	margin: 0;
+	border-radius: 0;
+	line-height: normal;
+}
+
+.login .wp-hide-pw .dashicons {
+	position: static;
 }
 
 .login form {
diff --git a/src/wp-admin/install.php b/src/wp-admin/install.php
index 4ee27d6100..42c4d9e6d0 100644
--- a/src/wp-admin/install.php
+++ b/src/wp-admin/install.php
@@ -137,7 +137,7 @@ function display_setup_form( $error = null ) {
 		<?php if ( ! $user_table ) : ?>
 		<tr class="form-field form-required user-pass1-wrap">
 			<th scope="row">
-				<label for="pass1">
+				<label for="pass1" class="user-pass1-label">
 					<?php _e( 'Password' ); ?>
 				</label>
 			</th>
diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php
index 521a8e290d..ba58f52d46 100644
--- a/src/wp-admin/user-edit.php
+++ b/src/wp-admin/user-edit.php
@@ -610,10 +610,10 @@ endif; //!IS_PROFILE_PAGE
 	<h2><?php _e( 'Account Management' ); ?></h2>
 <table class="form-table">
 <tr id="password" class="user-pass1-wrap">
-	<th><label for="pass1"><?php _e( 'New Password' ); ?></label></th>
+	<th><label for="pass1" class="user-pass1-label"><?php _e( 'New Password' ); ?></label></th>
 	<td>
 		<input class="hidden" value=" " /><!-- #24364 workaround -->
-		<button type="button" class="button wp-generate-pw hide-if-no-js"><?php _e( 'Generate Password' ); ?></button>
+		<button type="button" class="button wp-generate-pw hide-if-no-js" aria-expanded="false"><?php _e( 'Set New Password' ); ?></button>
 		<div class="wp-pwd hide-if-js">
 			<span class="password-input-wrapper">
 				<input type="password" name="pass1" id="pass1" class="regular-text" value="" autocomplete="off" data-pw="<?php echo esc_attr( wp_generate_password( 24 ) ); ?>" aria-describedby="pass-strength-result" />
@@ -622,7 +622,7 @@ endif; //!IS_PROFILE_PAGE
 				<span class="dashicons dashicons-hidden"></span>
 				<span class="text"><?php _e( 'Hide' ); ?></span>
 			</button>
-			<button type="button" class="button wp-cancel-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Cancel password change' ); ?>">
+			<button type="button" class="button wp-cancel-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Cancel' ); ?>">
 				<span class="text"><?php _e( 'Cancel' ); ?></span>
 			</button>
 			<div style="display:none" id="pass-strength-result" aria-live="polite"></div>
@@ -632,8 +632,12 @@ endif; //!IS_PROFILE_PAGE
 <tr class="user-pass2-wrap hide-if-js">
 	<th scope="row"><label for="pass2"><?php _e( 'Repeat New Password' ); ?></label></th>
 	<td>
-	<input name="pass2" type="password" id="pass2" class="regular-text" value="" autocomplete="off" />
-	<p class="description"><?php _e( 'Type your new password again.' ); ?></p>
+	<input name="pass2" type="password" id="pass2" class="regular-text" value="" autocomplete="off" aria-describedby="pass2-desc" />
+	<?php if ( IS_PROFILE_PAGE ) : ?>
+		<p class="description" id="pass2-desc"><?php _e( 'Type your new password again.' ); ?></p>
+	<?php else : ?>
+		<p class="description" id="pass2-desc"><?php _e( 'Type the new password again.' ); ?></p>
+	<?php endif; ?>
 	</td>
 </tr>
 <tr class="pw-weak">
@@ -641,7 +645,7 @@ endif; //!IS_PROFILE_PAGE
 	<td>
 		<label>
 			<input type="checkbox" name="pw_weak" class="pw-checkbox" />
-			<span id="pw-weak-text-label"><?php _e( 'Confirm use of potentially weak password' ); ?></span>
+			<span id="pw-weak-text-label"><?php _e( 'Confirm use of weak password' ); ?></span>
 		</label>
 	</td>
 </tr>
diff --git a/src/wp-admin/user-new.php b/src/wp-admin/user-new.php
index 48387b0373..3be147c0e5 100644
--- a/src/wp-admin/user-new.php
+++ b/src/wp-admin/user-new.php
@@ -490,14 +490,14 @@ if ( current_user_can( 'create_users' ) ) {
 	</tr>
 	<tr class="form-field form-required user-pass1-wrap">
 		<th scope="row">
-			<label for="pass1">
+			<label for="pass1" class="user-pass1-label">
 				<?php _e( 'Password' ); ?>
 				<span class="description hide-if-js"><?php _e( '(required)' ); ?></span>
 			</label>
 		</th>
 		<td>
 			<input class="hidden" value=" " /><!-- #24364 workaround -->
-			<button type="button" class="button wp-generate-pw hide-if-no-js"><?php _e( 'Show password' ); ?></button>
+			<button type="button" class="button wp-generate-pw hide-if-no-js" aria-expanded="false"><?php _e( 'Set New Password' ); ?></button>
 			<div class="wp-pwd hide-if-js">
 				<?php $initial_password = wp_generate_password( 24 ); ?>
 				<span class="password-input-wrapper">
@@ -507,7 +507,7 @@ if ( current_user_can( 'create_users' ) ) {
 					<span class="dashicons dashicons-hidden"></span>
 					<span class="text"><?php _e( 'Hide' ); ?></span>
 				</button>
-				<button type="button" class="button wp-cancel-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Cancel password change' ); ?>">
+				<button type="button" class="button wp-cancel-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Cancel' ); ?>">
 					<span class="text"><?php _e( 'Cancel' ); ?></span>
 				</button>
 				<div style="display:none" id="pass-strength-result" aria-live="polite"></div>
@@ -517,7 +517,8 @@ if ( current_user_can( 'create_users' ) ) {
 	<tr class="form-field form-required user-pass2-wrap hide-if-js">
 		<th scope="row"><label for="pass2"><?php _e( 'Repeat Password' ); ?> <span class="description"><?php _e( '(required)' ); ?></span></label></th>
 		<td>
-		<input name="pass2" type="password" id="pass2" autocomplete="off" />
+		<input name="pass2" type="password" id="pass2" autocomplete="off" aria-describedby="pass2-desc" />
+		<p class="description" id="pass2-desc"><?php _e( 'Type the password again.' ); ?></p>
 		</td>
 	</tr>
 	<tr class="pw-weak">
diff --git a/src/wp-login.php b/src/wp-login.php
index 1a302a35f1..06876d788d 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -706,15 +706,17 @@ switch ( $action ) {
 
 	<div class="user-pass1-wrap">
 		<p>
-			<label for="pass1"><?php _e( 'New password' ); ?></label>
+			<label for="pass1" class="user-pass1-label"><?php _e( 'New password' ); ?></label>
 		</p>
 
-		<div class="wp-pwd">
+		<div class="login-wp-pwd">
 			<div class="password-input-wrapper">
 				<input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input password-input" size="24" value="" autocomplete="off" aria-describedby="pass-strength-result" />
-				<span class="button button-secondary wp-hide-pw hide-if-no-js">
-					<span class="dashicons dashicons-hidden"></span>
-				</span>
+				<span class="wp-hide-pw-wrapper">
+					<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js">
+						<span class="dashicons dashicons-hidden"></span>
+					</button>
+			</span>
 			</div>
 			<div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator' ); ?></div>
 		</div>