diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 53158fb8..bdb92f6b 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -593,25 +593,9 @@ class TestUserAccountUpdate(ApiTestCaseMixin):
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        self.assert_400(response)
+        self.assert_400(response, error_message='current password is missing')
 
-    def test_it_updates_user_profile(self, app: Flask, user_1: User) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.patch(
-            '/api/auth/profile/edit/account',
-            content_type='application/json',
-            data=json.dumps(dict(password=random_string())),
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-        assert response.status_code == 200
-        data = json.loads(response.data.decode())
-        assert data['status'] == 'success'
-        assert data['message'] == 'user account updated'
-
-    def test_it_returns_error_if_controls_fail(
+    def test_it_returns_error_if_current_password_is_missing(
         self, app: Flask, user_1: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -621,14 +605,99 @@ class TestUserAccountUpdate(ApiTestCaseMixin):
         response = client.patch(
             '/api/auth/profile/edit/account',
             content_type='application/json',
-            data=json.dumps(dict(password=random_string(length=5))),
+            data=json.dumps(dict(new_password=random_string())),
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        self.assert_400(
-            response, error_message='password: 8 characters required'
+        self.assert_400(response, error_message='current password is missing')
+
+    def test_it_returns_error_if_current_password_is_invalid(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
         )
 
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    password=random_string(),
+                    new_password=random_string(),
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_401(response, error_message='invalid credentials')
+
+    def test_it_returns_error_if_controls_fail_on_new_password(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    password='12345678',
+                    new_password=random_string(length=3),
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(response, 'password: 8 characters required')
+
+    def test_it_updates_auth_user_password(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        current_hashed_password = user_1.password
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    password='12345678',
+                    new_password=random_string(),
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == 'user account updated'
+        assert current_hashed_password != user_1.password
+
+    def test_new_password_is_hashed(self, app: Flask, user_1: User) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        new_password = random_string()
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    password='12345678',
+                    new_password=new_password,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+        assert response.status_code == 200
+        assert new_password != user_1.password
+
 
 class TestUserPreferencesUpdate(ApiTestCaseMixin):
     def test_it_updates_user_preferences(
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 3106ddcf..a2f94867 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -626,7 +626,7 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
           "username": "sam"
           "weekm": true,
         },
-        "message": "user profile updated",
+        "message": "user account updated",
         "status": "success"
       }
 
@@ -646,19 +646,23 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
 
     """
     data = request.get_json()
-    if not data:
-        return InvalidPayloadErrorResponse()
+    if not data or not data.get('password'):
+        return InvalidPayloadErrorResponse('current password is missing')
 
-    password_data = data.get('password')
-    message = check_password(password_data)
+    current_password = data.get('password')
+    if not bcrypt.check_password_hash(auth_user.password, current_password):
+        return UnauthorizedErrorResponse('invalid credentials')
+
+    new_password = data.get('new_password')
+    message = check_password(new_password)
     if message != '':
         return InvalidPayloadErrorResponse(message)
-    password = bcrypt.generate_password_hash(
-        password_data, current_app.config.get('BCRYPT_LOG_ROUNDS')
+    hashed_password = bcrypt.generate_password_hash(
+        new_password, current_app.config.get('BCRYPT_LOG_ROUNDS')
     ).decode()
 
     try:
-        auth_user.password = password
+        auth_user.password = hashed_password
         db.session.commit()
 
         return {
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserAccountEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserAccountEdition.vue
index 0710be6a..a4dd425d 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserAccountEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserAccountEdition.vue
@@ -18,18 +18,29 @@
           <input id="email" :value="user.email" disabled />
         </label>
         <label class="form-items" for="password-field">
-          {{ $t('user.PASSWORD') }}
+          {{ $t('user.CURRENT_PASSWORD') }}*
           <PasswordInput
             id="password-field"
             :disabled="loading"
-            :checkStrength="true"
             :password="userForm.password"
-            :isSuccess="false"
             :required="true"
             @updatePassword="updatePassword"
             @passwordError="invalidateForm"
           />
         </label>
+        <label class="form-items" for="new-password-field">
+          {{ $t('user.NEW_PASSWORD') }}*
+          <PasswordInput
+            id="new-password-field"
+            :disabled="loading"
+            :checkStrength="true"
+            :password="userForm.new_password"
+            :isSuccess="false"
+            :required="true"
+            @updatePassword="updateNewPassword"
+            @passwordError="invalidateForm"
+          />
+        </label>
         <div class="form-buttons">
           <button class="confirm" type="submit">
             {{ $t('buttons.SUBMIT') }}
@@ -74,6 +85,7 @@
   const userForm: IUserAccountPayload = reactive({
     email: '',
     password: '',
+    new_password: '',
   })
   const loading = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.USER_LOADING]
@@ -102,9 +114,13 @@
   function updatePassword(password: string) {
     userForm.password = password
   }
+  function updateNewPassword(new_password: string) {
+    userForm.new_password = new_password
+  }
   function updateProfile() {
     store.dispatch(AUTH_USER_STORE.ACTIONS.UPDATE_USER_ACCOUNT, {
       password: userForm.password,
+      new_password: userForm.new_password,
     })
   }
   function updateDisplayModal(value: boolean) {
@@ -114,15 +130,17 @@
     store.dispatch(AUTH_USER_STORE.ACTIONS.DELETE_ACCOUNT, { username })
   }
 
-  onUnmounted(() =>
+  onUnmounted(() => {
     store.commit(AUTH_USER_STORE.MUTATIONS.UPDATE_IS_SUCCESS, false)
-  )
+    store.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+  })
 
   watch(
     () => isSuccess.value,
     async (isSuccessValue) => {
       if (isSuccessValue) {
         updatePassword('')
+        updateNewPassword('')
         formErrors.value = false
       }
     }
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserInfosEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserInfosEdition.vue
index 344e3f50..b1a4f189 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserInfosEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserInfosEdition.vue
@@ -62,7 +62,7 @@
 
 <script setup lang="ts">
   import { format } from 'date-fns'
-  import { ComputedRef, computed, reactive, onMounted } from 'vue'
+  import { ComputedRef, computed, reactive, onMounted, onUnmounted } from 'vue'
 
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
   import { IUserProfile, IUserPayload } from '@/types/user'
@@ -115,6 +115,10 @@
   function updateProfile() {
     store.dispatch(AUTH_USER_STORE.ACTIONS.UPDATE_USER_PROFILE, userForm)
   }
+
+  onUnmounted(() => {
+    store.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+  })
 </script>
 
 <style lang="scss" scoped>
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserPictureEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserPictureEdition.vue
index c18596b0..627f2b91 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserPictureEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserPictureEdition.vue
@@ -33,7 +33,7 @@
 </template>
 
 <script setup lang="ts">
-  import { ComputedRef, Ref, computed, ref, toRefs } from 'vue'
+  import { ComputedRef, Ref, computed, ref, toRefs, onUnmounted } from 'vue'
 
   import UserPicture from '@/components/User/UserPicture.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
@@ -76,6 +76,10 @@
       })
     }
   }
+
+  onUnmounted(() => {
+    store.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+  })
 </script>
 
 <style lang="scss" scoped>
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
index 4b122d76..5463e9c0 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
@@ -68,7 +68,7 @@
 </template>
 
 <script setup lang="ts">
-  import { ComputedRef, computed, reactive, onMounted } from 'vue'
+  import { ComputedRef, computed, reactive, onMounted, onUnmounted } from 'vue'
 
   import TimezoneDropdown from '@/components/User/ProfileEdition/TimezoneDropdown.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
@@ -134,4 +134,8 @@
   function updateTZ(value: string) {
     userForm.timezone = value
   }
+
+  onUnmounted(() => {
+    store.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+  })
 </script>
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index fe9cb986..36f2b583 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -2,6 +2,7 @@
   "ADMIN": "Admin",
   "ALREADY_HAVE_ACCOUNT": "Already have an account?",
   "CONFIRM_ACCOUNT_DELETION": "Are you sure you want to delete your account? All data will be deleted, this cannot be undone",
+  "CURRENT_PASSWORD": "Current password",
   "EMAIL": "Email",
   "EMAIL_INFO": "Enter a valid email address.",
   "ENTER_PASSWORD": "Enter a password",
@@ -10,6 +11,7 @@
   "LANGUAGE": "Language",
   "LOGIN": "Login",
   "LOGOUT": "Logout",
+  "NEW_PASSWORD": "New password",
   "PASSWORD": "Password",
   "PASSWORD_INFO": "At least 8 characters required.",
   "PASSWORD_FORGOTTEN": "Forgot password?",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index bd4b01b2..0f8acffb 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -2,6 +2,7 @@
   "ADMIN": "Admin",
   "ALREADY_HAVE_ACCOUNT": "Vous avez déjà un compte ?",
   "CONFIRM_ACCOUNT_DELETION": "Etes-vous sûr de vouloir supprimer votre compte ? Toutes les données seront définitivement effacés.",
+  "CURRENT_PASSWORD": "Mot de passe actuel",
   "EMAIL": "Email",
   "EMAIL_INFO": "Saisir une adresse email valide.",
   "ENTER_PASSWORD": "Saisir un mot de passe",
@@ -10,6 +11,7 @@
   "LANGUAGE": "Langue",
   "LOGIN": "Se connecter",
   "LOGOUT": "Se déconnecter",
+  "NEW_PASSWORD": "Nouveau mot de passe",
   "PASSWORD": "Mot de passe",
   "PASSWORD_INFO": "8 caractères minimum.",
   "PASSWORD_FORGOTTEN": "Mot de passe oublié ?",
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index 8ccb9de8..288a8b02 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -36,6 +36,7 @@ export interface IUserPayload {
 export interface IUserAccountPayload {
   email?: string
   password: string
+  new_password: string
 }
 
 export interface IAdminUserPayload {