diff --git a/backend/blueprints/profile/__init__.py b/backend/blueprints/profile/__init__.py
index 47717ee..4dbd24c 100644
--- a/backend/blueprints/profile/__init__.py
+++ b/backend/blueprints/profile/__init__.py
@@ -184,4 +184,43 @@ def allowed_file(filename):
 Validate file extensions.
 """
 allowed_extensions = {'png', 'jpg', 'jpeg', 'gif'}
- return '.' in filename and filename.rsplit('.', 1)[1].lower() in allowed_extensions
\ No newline at end of file
+ return '.' in filename and filename.rsplit('.', 1)[1].lower() in allowed_extensions
+
+@profile.route('/change-password', methods=['POST'])
+@auth_required()
+def change_password():
+ """
+ Allow the logged-in user to change their password.
+ The user must provide the current password, new password, and confirm the new password.
+ """
+ user = g.current_user
+ data = request.form
+
+ # Validate input data
+ current_password = data.get('current_password')
+ new_password = data.get('new_password')
+ confirm_password = data.get('confirm_password')
+
+ if not current_password or not new_password or not confirm_password:
+ return jsonify({"error": "All fields (current_password, new_password, confirm_password) are required"}), 400
+
+ # Check if current password matches the user's existing password
+ if not check_password_hash(user.hash_password, current_password):
+ return jsonify({"error": "Current password is incorrect"}), 400
+
+ # Check if new password and confirmation match
+ if new_password != confirm_password:
+ return jsonify({"error": "New password and confirm password do not match"}), 400
+
+ # Check for password complexity (optional)
+ # Validate password
+ try:
+ password_check_sanity(new_password)
+ except InsecurePasswordException as e:
+ return jsonify({"error": str(e)}), 400
+
+ # Update the user's password
+ user.hash_password = generate_password_hash(new_password)
+ db.session.commit()
+
+ return jsonify({"message": "Password updated successfully"}), 200
\ No newline at end of file
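Review bot: A successful password change leaves every existing session of the user valid, because `change_password` only rewrites `user.hash_password` and commits; nothing revokes the other sessions, so a stolen session outlives the credential rotation that was meant to end it. The session blueprint already models revocation with `target_session.isValid = False` (visible in the `logout()` context of the next hunk), so the same commit should mark the user's other sessions invalid before `db.session.commit()` — the exact query depends on the session model, which is outside this diff. Separately, the stacked comments `# Check for password complexity (optional)` and `# Validate password` describe one mandatory call and the "(optional)" is now misleading; replace both with `# Reject weak passwords before storing the new hash`. Since a wrong current password is answered with a plain 400, it may be worth confirming that the endpoint sits behind whatever rate limiting the login route uses, which cannot be verified from this hunk.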
diff --git a/backend/blueprints/session/__init__.py b/backend/blueprints/session/__init__.py
index 6462e2b..4f17280 100644
--- a/backend/blueprints/session/__init__.py
+++ b/backend/blueprints/session/__init__.py
@@ -95,3 +95,4 @@ def logout():
 target_session.isValid = False
 db.session.commit()
 return jsonify({'message': 'Session invalidated'}), 200
+
diff --git a/backend/requirements.txt b/backend/requirements.txt
index f94a1e5..00d1233 100644
Binary files a/backend/requirements.txt and b/backend/requirements.txt differ