diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 5c09dd5362fd..43513427ed75 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -167,6 +167,19 @@ def test_creation(self):
 
         assert form.user_service is user_service
 
+    def test_validate_confirm_password(self):
+        user_service = pretend.stub(
+            find_userid=pretend.call_recorder(lambda userid: 1),
+            check_password=pretend.call_recorder(
+                lambda userid, password, tags=None: True
+            ),
+        )
+        form = forms.DeleteTOTPForm(
+            username="username", user_service=user_service, password="password"
+        )
+
+        assert form.validate()
+
 
 class TestProvisionWebAuthnForm:
     def test_creation(self):
@@ -433,16 +446,26 @@ def test_validate_token_scope_valid_project(self):
 class TestDeleteMacaroonForm:
     def test_creation(self):
         macaroon_service = pretend.stub()
-        form = forms.DeleteMacaroonForm(macaroon_service=macaroon_service)
+        user_service = pretend.stub()
+        form = forms.DeleteMacaroonForm(
+            macaroon_service=macaroon_service, user_service=user_service
+        )
 
         assert form.macaroon_service is macaroon_service
+        assert form.user_service is user_service
 
     def test_validate_macaroon_id_invalid(self):
         macaroon_service = pretend.stub(
             find_macaroon=pretend.call_recorder(lambda id: None)
         )
+        user_service = pretend.stub(
+            find_userid=lambda *a, **kw: 1, check_password=lambda *a, **kw: True
+        )
         form = forms.DeleteMacaroonForm(
-            data={"macaroon_id": pretend.stub()}, macaroon_service=macaroon_service
+            data={"macaroon_id": pretend.stub(), "password": "password"},
+            macaroon_service=macaroon_service,
+            user_service=user_service,
+            username="username",
         )
 
         assert not form.validate()
@@ -452,8 +475,14 @@ def test_validate_macaroon_id(self):
         macaroon_service = pretend.stub(
             find_macaroon=pretend.call_recorder(lambda id: pretend.stub())
         )
+        user_service = pretend.stub(
+            find_userid=lambda *a, **kw: 1, check_password=lambda *a, **kw: True
+        )
         form = forms.DeleteMacaroonForm(
-            data={"macaroon_id": pretend.stub()}, macaroon_service=macaroon_service
+            data={"macaroon_id": pretend.stub(), "password": "password"},
+            macaroon_service=macaroon_service,
+            username="username",
+            user_service=user_service,
         )
 
         assert form.validate()
diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
index abe717be5cd9..beda096d2fdd 100644
--- a/tests/unit/manage/test_views.py
+++ b/tests/unit/manage/test_views.py
@@ -1080,7 +1080,7 @@ def test_delete_totp(self, monkeypatch, db_request):
             record_event=pretend.call_recorder(lambda *a, **kw: None),
         )
         request = pretend.stub(
-            POST={"confirm_username": pretend.stub()},
+            POST={"confirm_password": pretend.stub()},
             session=pretend.stub(flash=pretend.call_recorder(lambda *a, **kw: None)),
             find_service=lambda *a, **kw: user_service,
             user=pretend.stub(
@@ -1123,13 +1123,13 @@ def test_delete_totp(self, monkeypatch, db_request):
             )
         ]
 
-    def test_delete_totp_bad_username(self, monkeypatch, db_request):
+    def test_delete_totp_bad_password(self, monkeypatch, db_request):
         user_service = pretend.stub(
             get_totp_secret=lambda id: b"secret",
             update_user=pretend.call_recorder(lambda *a, **kw: None),
         )
         request = pretend.stub(
-            POST={"confirm_username": pretend.stub()},
+            POST={"confirm_password": pretend.stub()},
             session=pretend.stub(flash=pretend.call_recorder(lambda *a, **kw: None)),
             find_service=lambda *a, **kw: user_service,
             user=pretend.stub(
@@ -1151,7 +1151,7 @@ def test_delete_totp_bad_username(self, monkeypatch, db_request):
 
         assert user_service.update_user.calls == []
         assert request.session.flash.calls == [
-            pretend.call("Invalid credentials", queue="error")
+            pretend.call("Invalid credentials. Try again", queue="error")
         ]
         assert isinstance(result, HTTPSeeOther)
         assert result.headers["Location"] == "/foo/bar/"
@@ -1162,7 +1162,7 @@ def test_delete_totp_not_provisioned(self, monkeypatch, db_request):
             update_user=pretend.call_recorder(lambda *a, **kw: None),
         )
         request = pretend.stub(
-            POST={"confirm_username": pretend.stub()},
+            POST={"confirm_password": pretend.stub()},
             session=pretend.stub(flash=pretend.call_recorder(lambda *a, **kw: None)),
             find_service=lambda *a, **kw: user_service,
             user=pretend.stub(
@@ -1469,7 +1469,7 @@ def test_default_response(self, monkeypatch):
         )
 
         request = pretend.stub(
-            user=pretend.stub(id=pretend.stub()),
+            user=pretend.stub(id=pretend.stub(), username=pretend.stub()),
             find_service=lambda interface, **kw: {
                 IMacaroonService: pretend.stub(),
                 IUserService: pretend.stub(),
@@ -1767,7 +1767,7 @@ def test_delete_macaroon_invalid_form(self, monkeypatch):
             delete_macaroon=pretend.call_recorder(lambda id: pretend.stub())
         )
         request = pretend.stub(
-            POST={},
+            POST={"confirm_password": "password", "macaroon_id": "macaroon_id"},
             route_path=pretend.call_recorder(lambda x: pretend.stub()),
             find_service=lambda interface, **kw: {
                 IMacaroonService: macaroon_service,
@@ -1775,6 +1775,8 @@ def test_delete_macaroon_invalid_form(self, monkeypatch):
             }[interface],
             referer="/fake/safe/route",
             host=None,
+            user=pretend.stub(username=pretend.stub()),
+            session=pretend.stub(flash=pretend.call_recorder(lambda *a, **kw: None)),
         )
 
         delete_macaroon_obj = pretend.stub(validate=lambda: False)
@@ -1790,13 +1792,16 @@ def test_delete_macaroon_invalid_form(self, monkeypatch):
         assert isinstance(result, HTTPSeeOther)
         assert result.location == "/fake/safe/route"
         assert macaroon_service.delete_macaroon.calls == []
+        assert request.session.flash.calls == [
+            pretend.call("Invalid credentials. Try again", queue="error")
+        ]
 
     def test_delete_macaroon_dangerous_redirect(self, monkeypatch):
         macaroon_service = pretend.stub(
             delete_macaroon=pretend.call_recorder(lambda id: pretend.stub())
         )
         request = pretend.stub(
-            POST={},
+            POST={"confirm_password": "password", "macaroon_id": "macaroon_id"},
             route_path=pretend.call_recorder(lambda x: "/safe/route"),
             find_service=lambda interface, **kw: {
                 IMacaroonService: macaroon_service,
@@ -1804,6 +1809,8 @@ def test_delete_macaroon_dangerous_redirect(self, monkeypatch):
             }[interface],
             referer="http://google.com/",
             host=None,
+            user=pretend.stub(username=pretend.stub()),
+            session=pretend.stub(flash=pretend.call_recorder(lambda *a, **kw: None)),
         )
 
         delete_macaroon_obj = pretend.stub(validate=lambda: False)
@@ -1833,7 +1840,7 @@ def test_delete_macaroon(self, monkeypatch):
         )
         user_service = pretend.stub(record_event=record_event)
         request = pretend.stub(
-            POST={},
+            POST={"confirm_password": "password", "macaroon_id": "macaroon_id"},
             route_path=pretend.call_recorder(lambda x: pretend.stub()),
             find_service=lambda interface, **kw: {
                 IMacaroonService: macaroon_service,
@@ -1842,7 +1849,7 @@ def test_delete_macaroon(self, monkeypatch):
             session=pretend.stub(flash=pretend.call_recorder(lambda *a, **kw: None)),
             referer="/fake/safe/route",
             host=None,
-            user=pretend.stub(id=pretend.stub()),
+            user=pretend.stub(id=pretend.stub(), username=pretend.stub()),
             remote_addr="0.0.0.0",
         )
 
@@ -1892,7 +1899,7 @@ def test_delete_macaroon_records_events_for_each_project(self, monkeypatch):
         )
         user_service = pretend.stub(record_event=record_event)
         request = pretend.stub(
-            POST={},
+            POST={"confirm_password": pretend.stub(), "macaroon_id": pretend.stub()},
             route_path=pretend.call_recorder(lambda x: pretend.stub()),
             find_service=lambda interface, **kw: {
                 IMacaroonService: macaroon_service,
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 64dcf92ee79e..408fadd64d40 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -87,9 +87,9 @@ def __init__(self, *args, user_service, **kwargs):
         self.user_service = user_service
 
 
-class DeleteTOTPForm(UsernameMixin, forms.Form):
+class DeleteTOTPForm(UsernameMixin, PasswordMixin, forms.Form):
 
-    __params__ = ["confirm_username"]
+    __params__ = ["confirm_password"]
 
     def __init__(self, *args, user_service, **kwargs):
         super().__init__(*args, **kwargs)
@@ -246,15 +246,16 @@ def validate_token_scope(self, field):
         self.validated_scope = {"projects": [scope_value]}
 
 
-class DeleteMacaroonForm(forms.Form):
-    __params__ = ["macaroon_id"]
+class DeleteMacaroonForm(UsernameMixin, PasswordMixin, forms.Form):
+    __params__ = ["confirm_password", "macaroon_id"]
 
     macaroon_id = wtforms.StringField(
         validators=[wtforms.validators.DataRequired(message="Identifier required")]
     )
 
-    def __init__(self, *args, macaroon_service, **kwargs):
+    def __init__(self, *args, macaroon_service, user_service, **kwargs):
         super().__init__(*args, **kwargs)
+        self.user_service = user_service
         self.macaroon_service = macaroon_service
 
     def validate_macaroon_id(self, field):
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 720c76a5dd36..df49a3c0f270 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -470,7 +470,7 @@ def delete_totp(self):
             return HTTPSeeOther(self.request.route_path("manage.account"))
 
         form = DeleteTOTPForm(
-            **self.request.POST,
+            password=self.request.POST["confirm_password"],
             username=self.request.user.username,
             user_service=self.user_service,
         )
@@ -489,7 +489,7 @@ def delete_totp(self):
                 queue="success",
             )
         else:
-            self.request.session.flash("Invalid credentials", queue="error")
+            self.request.session.flash("Invalid credentials. Try again", queue="error")
 
         return HTTPSeeOther(self.request.route_path("manage.account"))
 
@@ -631,7 +631,9 @@ def default_response(self):
                 project_names=self.project_names,
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
-                macaroon_service=self.macaroon_service
+                username=self.request.user.username,
+                user_service=self.user_service,
+                macaroon_service=self.macaroon_service,
             ),
         }
 
@@ -699,7 +701,11 @@ def create_macaroon(self):
     @view_config(request_method="POST", request_param=DeleteMacaroonForm.__params__)
     def delete_macaroon(self):
         form = DeleteMacaroonForm(
-            **self.request.POST, macaroon_service=self.macaroon_service
+            password=self.request.POST["confirm_password"],
+            macaroon_id=self.request.POST["macaroon_id"],
+            macaroon_service=self.macaroon_service,
+            username=self.request.user.username,
+            user_service=self.user_service,
         )
 
         if form.validate():
@@ -730,6 +736,8 @@ def delete_macaroon(self):
             self.request.session.flash(
                 f"Deleted API token '{macaroon.description}'.", queue="success"
             )
+        else:
+            self.request.session.flash("Invalid credentials. Try again", queue="error")
 
         redirect_to = self.request.referer
         if not is_safe_url(redirect_to, host=self.request.host):
diff --git a/warehouse/static/js/warehouse/controllers/confirm_controller.js b/warehouse/static/js/warehouse/controllers/confirm_controller.js
index a008a558ca8a..9c18c9349f37 100644
--- a/warehouse/static/js/warehouse/controllers/confirm_controller.js
+++ b/warehouse/static/js/warehouse/controllers/confirm_controller.js
@@ -22,14 +22,6 @@ export default class extends Controller {
     this.buttonTarget.disabled = true;
   }
 
-  cancel() {
-    // Cancel button is a button (not an `a`) so we need to do close the
-    // modal manually
-    window.location.href = "#modal-close";
-    this.inputTarget.value = "";
-    this.buttonTarget.disabled = true;
-  }
-
   check() {
     if (this.inputTarget.value == this.buttonTarget.dataset.expected) {
       this.buttonTarget.disabled = false;
diff --git a/warehouse/static/js/warehouse/controllers/confirm_password_controller.js b/warehouse/static/js/warehouse/controllers/confirm_password_controller.js
new file mode 100644
index 000000000000..518989a25c96
--- /dev/null
+++ b/warehouse/static/js/warehouse/controllers/confirm_password_controller.js
@@ -0,0 +1,33 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+import { Controller } from "stimulus";
+
+export default class extends Controller {
+  static targets = [ "button", "password", "showPassword" ]
+
+  connect() {
+    this.buttonTarget.disabled = true;
+    this.setPasswordVisibility();
+  }
+
+  setPasswordVisibility() {
+    this.passwordTarget.type = this.showPasswordTarget.checked ? "text" : "password";
+  }
+
+  check() {
+    this.buttonTarget.disabled = this.passwordTarget.value.trim() === "";
+  }
+}
diff --git a/warehouse/static/js/warehouse/controllers/modal_close_controller.js b/warehouse/static/js/warehouse/controllers/modal_close_controller.js
new file mode 100644
index 000000000000..e8e4832d2b5d
--- /dev/null
+++ b/warehouse/static/js/warehouse/controllers/modal_close_controller.js
@@ -0,0 +1,28 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+import { Controller } from "stimulus";
+
+export default class extends Controller {
+  static targets = [ "input", "button" ]
+
+  cancel() {
+    // Cancel button is a button (not an `a`) so we need to do close the
+    // modal manually
+    window.location.href = "#modal-close";
+    this.inputTarget.value = "";
+    this.buttonTarget.disabled = true;
+  }
+}
diff --git a/warehouse/static/sass/blocks/_modal.scss b/warehouse/static/sass/blocks/_modal.scss
index 70962bce24d9..44e1309fcee9 100644
--- a/warehouse/static/sass/blocks/_modal.scss
+++ b/warehouse/static/sass/blocks/_modal.scss
@@ -100,6 +100,11 @@
   &__form {
     label {
       font-weight: bold;
+
+      input {
+        width: auto;
+        min-width: auto;
+      }
     }
 
     input {
diff --git a/warehouse/templates/manage/account.html b/warehouse/templates/manage/account.html
index 67646f9cbe0a..5c695c38fe94 100644
--- a/warehouse/templates/manage/account.html
+++ b/warehouse/templates/manage/account.html
@@ -202,8 +202,7 @@
       {% set token_warning_text %}
         <p>Applications or scripts using this token will no longer have access to PyPI.</p>
       {% endset %}
-
-      {{ confirm_modal(title=title, confirm_name="Username", confirm_string=user.username, confirm_button_label=confirm_button_label, slug=slug, extra_fields=extra_fields, action=action, custom_warning_text=token_warning_text, confirm_string_in_title=False) }}
+      {{ confirm_password_modal(title=title, confirm_button_label=confirm_button_label, slug=slug, extra_fields=extra_fields, action=action, custom_warning_text=token_warning_text) }}
 
       {# modal to view token ID #}
       <div id="view-identifier--{{ macaroon.id }}" class="modal">
@@ -421,10 +420,12 @@ <h2 class="sub-title">Two factor authentication (2FA)</h2>
             <th scope="row">Authentication application (TOTP)</th>
             <td class="table__action">
               <a href="#disable-totp" class="button button--primary">Remove</a>
-              {% set title="Remove authentication application" %}
-              {% set confirm_button_label="Remove application" %}
-              {% set action="/manage/account/totp-provision" %}
-              {{ confirm_modal(title=title, confirm_name="Username", confirm_string=user.username, confirm_button_label=confirm_button_label, slug="disable-totp", action=action, warning=False, confirm_string_in_title=False) }}
+              {# modal to remove TOTP #}
+              {% set slug="disable-totp" %}
+              {% set title="Disable 2FA by TOTP application?" %}
+              {% set action=request.route_path('manage.account.totp-provision') %}
+              {% set confirm_button_label="Disable TOTP application" %}
+              {{ confirm_password_modal(slug=slug, title=title, action=action, confirm_button_label=confirm_button_label) }}
             </td>
           </tr>
           {% endif %}
diff --git a/warehouse/templates/manage/manage_base.html b/warehouse/templates/manage/manage_base.html
index 9b1e2b947a01..6ed3e9cc8d0b 100644
--- a/warehouse/templates/manage/manage_base.html
+++ b/warehouse/templates/manage/manage_base.html
@@ -79,7 +79,6 @@ <h3 class="sidebar-section__title">Your account</h3>
   slug,
   context,
   confirm_button_label=None,
-  index=None,
   extra_fields=None,
   extra_description=None,
   action=None,
@@ -87,15 +86,15 @@ <h3 class="sidebar-section__title">Your account</h3>
   custom_warning_text="",
   confirm_string_in_title="True")
 %}
-  <div id="{{ slug }}" class="modal" data-controller="confirm">
+  <div id="{{ slug }}" class="modal" data-controller="confirm modal-close">
     <div class="modal__content" role="dialog">
+      <a href="#modal-close" data-action="click->modal-close#cancel" title="Close" class="modal__close">
+        <i class="fa fa-times" aria-hidden="true"></i>
+        <span class="sr-only">close</span>
+      </a>
       <form method="POST" class="modal__form" action="{{ action or request.current_route_path() }}">
         <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
         {{ extra_fields if extra_fields else '' }}
-        <a href="#modal-close" data-action="click->confirm#cancel" title="Close" class="modal__close">
-          <i class="fa fa-times" aria-hidden="true"></i>
-          <span class="sr-only">Close</span>
-        </a>
         <div class="modal__body">
           <h3 class="modal__title">{{ title }}{% if confirm_string_in_title %} {{ confirm_string }}{% endif %}?</h3>
           {% if warning %}
@@ -112,11 +111,11 @@ <h3 class="modal__title">{{ title }}{% if confirm_string_in_title %} {{ confirm_
           <p>Confirm {{ context }} {{ confirm_name|lower }} to continue.</p>
           {% set name = "confirm_" + confirm_name.lower().replace(' ', '_') %}
           <label for="{{ slug }}-{{ name }}">{{ confirm_name }}</label>
-          <input id="{{ slug }}-{{ name }}" name="{{ name }}" data-action="input->confirm#check" data-target="confirm.input" type="text" autocomplete="off" autocapitalize="off">
+          <input name="{{ slug }}-{{ name }}" data-action="input->confirm#check" data-target="confirm.input modal-close.input" type="text" autocomplete="off" autocorrect="off" autocapitalize="off">
         </div>
         <div class="modal__footer">
-          <button type="reset" class="button modal__action js-cancel" data-action="click->confirm#cancel">Cancel</button>
-          <button type="submit" class="button button--danger modal__action js-confirm" data-target="confirm.button" data-expected="{{ confirm_string }}">
+          <button type="reset" class="button modal__action js-cancel" data-action="click->modal-close#cancel">Cancel</button>
+          <button type="submit" class="button button--danger modal__action js-confirm" data-target="confirm.button modal-close.button" data-expected="{{ confirm_string }}">
             {{ confirm_button_label if confirm_button_label else title }}
           </button>
         </div>
@@ -125,6 +124,56 @@ <h3 class="modal__title">{{ title }}{% if confirm_string_in_title %} {{ confirm_
   </div>
 {% endmacro %}
 
+{% macro confirm_password_modal(
+  title,
+  slug,
+  confirm_button_label=None,
+  extra_fields=None,
+  action=None,
+  warning=True,
+  custom_warning_text=""
+) %}
+  <div id="{{ slug }}" class="modal" data-controller="confirm-password modal-close">
+    <div class="modal__content" role="dialog">
+      <a href="#modal-close" data-action="click->modal-close#cancel" title="Close" class="modal__close">
+        <i class="fa fa-times" aria-hidden="true"></i>
+        <span class="sr-only">close</span>
+      </a>
+      <form method="POST" class="modal__form" action="{{ action or request.current_route_path() }}">
+        <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
+        {{ extra_fields if extra_fields else '' }}
+        <div class="modal__body">
+          <h3 class="modal__title">{{ title }}</h3>
+          {% if warning %}
+          <div class="callout-block callout-block--danger callout-block--bottom-margin no-top-margin">
+            <p>
+              <i class="fa fa-exclamation-triangle" aria-hidden="true"><span class="sr-only">Warning</span></i>
+              This action cannot be undone!
+            </p>
+            {% if custom_warning_text %}{{ custom_warning_text }}{% endif %}
+          </div>
+          {% endif %}
+          <p>Enter your password to continue.</p>
+          <div class="form-group">
+            <div class="split-layout">
+              <label for="confirm_password">Password</label>
+              <label for="show-confirm-password-{{ slug }}" class="show-password">
+                <input data-action="change->confirm-password#setPasswordVisibility" data-target="confirm-password.showPassword" id="show-confirm-password-{{ slug }}" type="checkbox">
+                Show password
+              </label>
+            </div>
+            <input name="confirm_password" data-action="input->confirm-password#check" data-target="confirm-password.password modal-close.input" type="password" autocomplete="off" autocorrect="off" autocapitalize="off">
+          </div>
+        </div>
+        <div class="modal__footer">
+          <button type="reset" class="button modal__action js-cancel" data-action="click->modal-close#cancel">Cancel</button>
+          <button type="submit" class="button button--danger modal__action js-confirm" data-target="confirm-password.button modal-close.button"">{{ confirm_button_label }}</button>
+        </div>
+      </form>
+    </div>
+  </div>
+{% endmacro %}
+
 {% macro confirm_button(
   title,
   confirm_name,
diff --git a/warehouse/templates/manage/release.html b/warehouse/templates/manage/release.html
index ce232ac9299e..01a44dba5403 100644
--- a/warehouse/templates/manage/release.html
+++ b/warehouse/templates/manage/release.html
@@ -98,7 +98,7 @@ <h2 class="heading-wsubtitle__heading">Release version {{ release.version }}</h2
               </li>
             </ul>
           </nav>
-          {{ confirm_modal(title, "Project name", project.name, slug, confirm_button_label=confirm_button_label, index=loop.index, extra_fields=extra_fields, extra_description=extra_description) }}
+          {{ confirm_modal(title, "Project name", project.name, slug, confirm_button_label=confirm_button_label, extra_fields=extra_fields, extra_description=extra_description) }}
         </td>
       </tr>
     {% endfor %}
diff --git a/warehouse/templates/manage/releases.html b/warehouse/templates/manage/releases.html
index 3c377f292eb1..5a3d53058a67 100644
--- a/warehouse/templates/manage/releases.html
+++ b/warehouse/templates/manage/releases.html
@@ -83,7 +83,7 @@ <h2>Releases ({{ project.releases|length }})</h2>
             <p>You will not be able to re-upload a new distribution of the same type with the same version number. Consider making a new release or a <a href="https://www.python.org/dev/peps/pep-0440/#post-releases" title="External link" target="_blank" rel="noopener">post release</a> instead.</p>
             {% endset %}
 
-            {{ confirm_modal(title, "Version", release.version, slug, index=loop.index, custom_warning_text=version_warning_text, action=action) }}
+            {{ confirm_modal(title, "Version", release.version, slug, custom_warning_text=version_warning_text, action=action) }}
           </td>
         </tr>
       {% endfor %}