diff --git a/app/controllers/neopass_connections_controller.rb b/app/controllers/neopass_connections_controller.rb
index 050d755f..0baa7e0c 100644
--- a/app/controllers/neopass_connections_controller.rb
+++ b/app/controllers/neopass_connections_controller.rb
@@ -23,7 +23,7 @@ class NeopassConnectionsController < ApplicationController
 # the provided user ID matches. The user ID param is only really for REST
 # semantics and such!
 raise AccessDenied unless user_signed_in?
- raise AccessDenied unless current_user.id.to_s == params[:user_id]
+ raise AccessDenied unless current_user.id == params[:user_id].to_i
 current_user
 end
 end
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 790296aa..4c9ba44f 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -53,7 +53,7 @@
 <% end %>
 <% if resource.neopass? %>
- <%= form_with url: user_neopass_connection_path(resource), method: :delete,
+ <%= form_with url: user_neopass_connection_path(resource.user), method: :delete,
 class: "settings-form", data: {
 turbo_confirm: "Are you sure? Without a NeoPass, you'll need to use " +
 "your password or your recovery email \"#{resource.email}\" to " +
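Review bot: The ownership check added in neopass_connections_controller.rb parses `params[:user_id]` with `String#to_i`, which is lenient: it keeps leading digits and drops the rest, so `"12abc"` matches user 12 and a missing or non-numeric value becomes 0. Because the method returns `current_user` rather than loading a record from the param, this does not select another account, but the guard is now looser than the exact string comparison it replaces. If only canonical IDs should pass, `raise AccessDenied unless current_user.id == Integer(params[:user_id].to_s, 10, exception: false)` rejects malformed values; if prefix parsing is intended, a comment such as `# to_i on purpose: accepts IDs with a trailing suffix` would record that. The enclosing method starts above the hunk.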