diff --git a/controllers/user.js b/controllers/user.js
index 680b8fe3a6..b7be5fb7df 100644
--- a/controllers/user.js
+++ b/controllers/user.js
@@ -31,6 +31,26 @@ exports.postAccountProfile = function(req, res) {
 // todo: change to change postPassword
 exports.postAccountSettings = function(req, res) {
   console.log('okay!!');
+   // TODO: change url on tab change in account.jade
+  // Check if password matches confirm password
+
+  if (req.body.password !== req.body.confirmPassword) {
+    req.flash('messages', 'Passwords do not match');
+    return res.redirect('/account');
+  }
+
+  User.findById(req.user.id, function(err, user) {
+    user.password = req.body.password;
+    user.save(function(err) {
+      console.log('Password has been changed.');
+      //TODO: change messages to success/errors
+      req.flash('messages', 'Password has been successfully changed!');
+      res.redirect('/account');
+    });
+  });
+
+
+
   // TODO: add new field "Existing password"
   // TODO: validate if all passwords are matching
   //TODO: change user's password
diff --git a/views/account.jade b/views/account.jade
index 09a5d23ad4..2fd73d424f 100644
--- a/views/account.jade
+++ b/views/account.jade
@@ -1,6 +1,11 @@
 extends layout
 
 block content
+  if messages.length
+    .alert.alert-danger
+      for message in messages
+        div= message
+
   ul.nav.nav-tabs
     li.active
       a(href='#basic', data-toggle='tab') Basic Info
@@ -45,7 +50,7 @@ block content
       .page-header
         h3 Change Password
 
-      form.form-horizontal(action='/account/profile', method='POST')
+      form.form-horizontal(action='/account/settings', method='POST')
         .form-group
           label.col-sm-3.control-label(for='password') Password
           .col-sm-4
@@ -53,7 +58,7 @@ block content
         .form-group
           label.col-sm-3.control-label(for='confirmPassword') Confirm Password
           .col-sm-4
-            input.form-control(type='password', id='confirmPassword')
+            input.form-control(type='password', name='confirmPassword', id='confirmPassword')
         .form-group
           .col-sm-offset-3.col-sm-4
             button.btn.btn.btn-primary(type='submit') Change Password
@@ -89,7 +94,3 @@ block content
         p: a(href='#') Link your GitHub account
 
 
-  if messages.length
-    .alert.alert-danger
-      for message in messages
-        div= message
\ No newline at end of file