diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 667be8b98027524f12870d34433603d679df68e1..bd2268aa048b53e1c96465a296381bb2f81c81fa 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -122,6 +122,14 @@ class Hooks {
 		return $result;
 	}
 
+	/**
+	 * remove keys from session during logout
+	 */
+	public static function logout() {
+		$session = new \OCA\Encryption\Session(new \OC\Files\View());
+		$session->removeKeys();
+	}
+
 	/**
 	 * setup encryption backend upon user created
 	 * @note This method should never be called for users using client side encryption
@@ -173,7 +181,6 @@ class Hooks {
 	 * @param array $params keys: uid, password
 	 */
 	public static function setPassphrase($params) {
-
 		if (\OCP\App::isEnabled('files_encryption') === false) {
 			return true;
 		}
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index ed42cec326af743a2b92f723a217cb43ff79d5fb..214e212b675403a9959beddef3942782569b2129 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -49,6 +49,7 @@ class Helper {
 	public static function registerUserHooks() {
 
 		\OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login');
+		\OCP\Util::connectHook('OC_User', 'logout', 'OCA\Encryption\Hooks', 'logout');
 		\OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase');
 		\OCP\Util::connectHook('OC_User', 'pre_setPassword', 'OCA\Encryption\Hooks', 'preSetPassphrase');
 		\OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser');
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 4b28f0ce676824464c80c06b56dce3cf3cc90fce..84599181ba2166437fef8279816b6ec18bbef6a1 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -121,6 +121,14 @@ class Session {
 
 	}
 
+	/**
+	 * remove keys from session
+	 */
+	public function removeKeys() {
+		\OC::$session->remove('publicSharePrivateKey');
+		\OC::$session->remove('privateKey');
+	}
+
 	/**
 	 * Sets status of encryption app
 	 * @param string $init INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INITIALIZED
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php
index 3d44b9fa9a59967b0fa931b317c2808a7a1eeed8..832eb75e23dcc3239f70e7955a65284fc04755f9 100644
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@@ -9,14 +9,13 @@
 		<p>
 			<a name="changePKPasswd" />
 			<label for="changePrivateKeyPasswd">
-				<?php p( $l->t( "Your private key password no longer match your log-in password:" ) ); ?>
+				<em><?php p( $l->t( "Your private key password no longer match your log-in password." ) ); ?></em>
 			</label>
 			<br />
-			<em><?php p( $l->t( "Set your old private key password to your current log-in password." ) ); ?>
+			<?php p( $l->t( "Set your old private key password to your current log-in password:" ) ); ?>
 			<?php if (  $_["recoveryEnabledForUser"] ):
 					p( $l->t( " If you don't remember your old password you can ask your administrator to recover your files." ) );
 			endif; ?>
-			</em>
 			<br />
 			<input
 				type="password"