diff --git a/core/auth.html b/core/auth.html
index fd2b780f..0125db16 100644
--- a/core/auth.html
+++ b/core/auth.html
@@ -89,9 +89,12 @@
 
 								<input type="radio" name="tab" id="guest" value="Guest" ?checked=${this.tab == 'guest'} @change=${() => self.tab_changed('guest')}></input>
 								<label for="guest" id="guest_label">Guest</label>
+
+								<input type="radio" name="tab" id="change" value="Change Password" ?checked=${this.tab == 'change'} @change=${() => self.tab_changed('change')}></input>
+								<label for="change" id="change_label">Change Password</label>
 							</div>
 
-							<div ?hidden=${this.tab != 'login' && this.tab != 'register'}>
+							<div ?hidden=${this.tab != 'login' && this.tab != 'register' && this.tab != 'change'}>
 								<div id="error" ?hidden=${this.error === undefined} class="error">
 									${this.error}
 								</div>
@@ -99,14 +102,18 @@
 									<label for="name">Name:</label>
 									<input type="text" id="name" name="name"></input>
 
-									<label for="password">Password:</label>
+									<label for="password">${this.tab == 'change' ? 'Old ' : ''}Password:</label>
 									<input type="password" id="password" name="password"></input>
 
-									<label ?hidden=${this.tab != 'register'} for="confirm">Confirm Password:</label>
-									<input ?hidden=${this.tab != 'register'} type="password" id="confirm" name="confirm"></input>
+									<label ?hidden=${this.tab != 'change'} for="new_password">New Password:</label>
+									<input ?hidden=${this.tab != 'change'} type="new_password" id="new_password" name="new_password"></input>
+
+									<label ?hidden=${this.tab != 'register' && this.tab != 'change'} for="confirm">Confirm ${this.tab == 'change' ? 'New ' : ''}Password:</label>
+									<input ?hidden=${this.tab != 'register' && this.tab != 'change'} type="password" id="confirm" name="confirm"></input>
 
 									<input id="loginButton" type="submit" name="submit" value="Login"></input>
 									<input type="hidden" name="register" value="${this.tab == 'register' ? 1 : 0}"></input>
+									<input type="hidden" name="change" value="${this.tab == 'change' ? 1 : 0}"></input>
 								</form>
 							</div>
 							<div ?hidden=${this.tab != 'guest'}>
diff --git a/core/auth.js b/core/auth.js
index 19ad1902..ab3df6ed 100644
--- a/core/auth.js
+++ b/core/auth.js
@@ -141,7 +141,7 @@ function handler(request, response) {
 			if (formData.submit == "Login") {
 				let account = gDatabase.get("user:" + formData.name);
 				account = account ? JSON.parse(account) : account;
-				if (formData.register == "1") {
+				if (formData.register == '1') {
 					if (!account &&
 						isNameValid(formData.name) &&
 						formData.password == formData.confirm) {
@@ -160,12 +160,23 @@ function handler(request, response) {
 						}
 						session = makeJwt({name: formData.name});
 						account = {password: hashPassword(formData.password)};
-						gDatabase.set("user:" + formData.name, JSON.stringify(account));
+						gDatabase.set('user:' + formData.name, JSON.stringify(account));
 						if (noAdministrator()) {
 							makeAdministrator(formData.name);
 						}
 					} else {
-						loginError = "Error registering account.";
+						loginError = 'Error registering account.';
+					}
+				} else if (formData.change == '1') {
+					if (account &&
+						isNameValid(formData.name) &&
+						formData.new_password == formData.confirm &&
+						verifyPassword(formData.password, account.password)) {
+						session = makeJwt({name: formData.name});
+						account = {password: hashPassword(formData.new_password)};
+						gDatabase.set('user:' + formData.name, JSON.stringify(account));
+					} else {
+						loginError = 'Error changing password.';
 					}
 				} else {
 					if (account &&
@@ -176,7 +187,7 @@ function handler(request, response) {
 							makeAdministrator(formData.name);
 						}
 					} else {
-						loginError = "Invalid username or password.";
+						loginError = 'Invalid username or password.';
 					}
 				}
 			} else {
diff --git a/tools/autotest.py b/tools/autotest.py
index ca80b47b..016c55d5 100755
--- a/tools/autotest.py
+++ b/tools/autotest.py
@@ -101,6 +101,25 @@ try:
 	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'loginButton').click()
 	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'error')
 
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'change_label').click()
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'name').send_keys('test_user')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'password').send_keys('test_password')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'new_password').send_keys('new_password')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'confirm').send_keys('new_password')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'loginButton').click()
+	wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))
+	driver.find_element(By.TAG_NAME, 'tf-navigation').shadow_root.find_element(By.LINK_TEXT, 'logout test_user').click()
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'login_label').click()
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'name').send_keys('test_user')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'password').send_keys('test_password')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'loginButton').click()
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'error')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'login_label').click()
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'name').send_keys('test_user')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'password').send_keys('new_password')
+	driver.find_element(By.TAG_NAME, 'tf-auth').shadow_root.find_element(By.ID, 'loginButton').click()
+	wait.until(expected_conditions.presence_of_element_located((By.ID, 'document')))
+
 	print('SUCCESS.')
 finally:
 	driver.close()