diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index d5811bcd..e9fe6486 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -37,8 +37,14 @@ use App\Form\UserSettingsType;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Asset\Packages;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\Extension\Core\Type\SubmitType;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\Security\Core\Validator\Constraints\UserPassword;
+use Symfony\Component\Validator\Constraints\Length;
 class UserController extends AbstractController
 {
@@ -71,13 +77,19 @@ class UserController extends AbstractController
 /**
 * @Route("/user/settings", name="user_settings")
 */
- public function userSettings(Request $request, EntityManagerInterface $em)
+ public function userSettings(Request $request, EntityManagerInterface $em, UserPasswordEncoderInterface $passwordEncoder)
 {
+ /**
+ * @var User
+ */
 $user = $this->getUser(); //When user change its settings, he should be logged in fully.
 $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+ /***************************
+ * User settings form
+ ***************************/
 $form = $this->createForm(UserSettingsType::class, $user);
@@ -89,8 +101,45 @@ class UserController extends AbstractController
 $this->addFlash('success', 'user.settings.saved_flash');
 }
+ /*****************************
+ * Password change form
+ ****************************/
+
+ $pw_form = $this->createFormBuilder()
+ ->add('old_password', PasswordType::class, [
+ 'label' => 'user.settings.pw_old.label',
+ 'constraints'=> [new UserPassword()]]) //This constraint checks, if the current user pw was inputted.
+ ->add('new_password', RepeatedType::class, [
+ 'type' => PasswordType::class,
+ 'first_options' => ['label'=> 'user.settings.pw_new.label'],
+ 'second_options' => ['label'=> 'user.settings.pw_confirm.label'],
+ 'invalid_message' => 'password_must_match',
+ 'constraints' => [new Length([
+ 'min' => 6,
+ 'max' => 128
+ ])]
+ ])
+ ->add('submit', SubmitType::class)
+ ->getForm();
+
+ $pw_form->handleRequest($request);
+
+ //Check if password if everything was correct, then save it to User and DB
+ if($pw_form->isSubmitted() && $pw_form->isValid()) {
+ $password = $passwordEncoder->encodePassword($user, $pw_form['new_password']->getData());
+ $user->setPassword($password);
+ $em->persist($user);
+ $em->flush();
+ $this->addFlash('success', 'user.settings.pw_changed_flash');
+ }
+
+ /******************************
+ * Output both forms
+ *****************************/
+
 return $this->render('Users/user_settings.html.twig', [
- "settings_form" => $form->createView()
+ "settings_form" => $form->createView(),
+ 'pw_form' => $pw_form->createView()
 ]);
 }
diff --git a/src/Entity/User.php b/src/Entity/User.php
index 49bf9fd8..724b60f7 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
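Review bot: The `new_password` field in the password-change form is validated only by `Length`, and Symfony's `Length` validator skips null values, so a submission with a correct old password and both new-password fields left empty looks like it passes `isValid()` and reaches `encodePassword()` with an empty value; the `required` default is enforced only by the browser. Add a blank check next to it, `'constraints' => [new NotBlank(), new Length(['min' => 6, 'max' => 128])]`, with `use Symfony\Component\Validator\Constraints\NotBlank;` among the imports. The minimum of 6 is also below the 8 characters NIST SP 800-63B requires for user-chosen passwords, and the 128 maximum should be checked against the configured encoder, since bcrypt only uses the first 72 bytes. `userSettings()` starts before this hunk and the encoder configuration is not visible here, so both limits are worth confirming against the project's security configuration.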
@@ -153,12 +153,18 @@ class User extends NamedDBElement implements UserInterface
 /**
 * @see UserInterface
+ * Gets the password hash for this entity.
 */
 public function getPassword(): string
 {
 return (string) $this->password;
 }
+ /**
+ * Sets the password hash for this user.
+ * @param string $password
+ * @return User
+ */
 public function setPassword(string $password): self
 {
 $this->password = $password;
diff --git a/templates/Users/user_settings.html.twig b/templates/Users/user_settings.html.twig
index 7444ed3f..e4508fc2 100644
--- a/templates/Users/user_settings.html.twig
+++ b/templates/Users/user_settings.html.twig
@@ -37,4 +37,20 @@
 {{ form_row(settings_form.reset) }}
 {{ form_end(settings_form) }}
+{% endblock %}
+
+{% block content %}
+ {{ parent() }}
+
+
+
+
+ {% trans %}user.settings.change_pw{% endtrans %}
+
+ {{ form_start(pw_form) }}
+ {{ form_widget(pw_form) }}
+ {{ form_end(pw_form) }}
+
+
{% endblock %} \ No newline at end of file