diff --git a/static/galene.css b/static/galene.css
index 03851b6..c2cec85 100644
--- a/static/galene.css
+++ b/static/galene.css
@@ -99,6 +99,16 @@
     font-style: italic;
 }
 
+#chpwspan a {
+    padding: 4px 0;
+    font-size: 0.9em;
+    color: #e4157e;
+}
+
+#chpwspan.invisible {
+    display: none;
+}
+
 .sidenav .user-logout a {
     font-size: 1em;
     padding: 7px 0 0;
diff --git a/static/galene.html b/static/galene.html
index 5b93974..28bdd9f 100644
--- a/static/galene.html
+++ b/static/galene.html
@@ -153,6 +153,7 @@
             <div class="profile-info">
               <span id="userspan"></span>
               <span id="permspan"></span>
+              <span id="chpwspan" class="invisible"><a id="change-password">Change password</a></span>
             </div>
             <div class="user-logout">
               <a id="disconnectbutton">
diff --git a/static/galene.js b/static/galene.js
index 0f226fe..14ad7cd 100644
--- a/static/galene.js
+++ b/static/galene.js
@@ -29,6 +29,9 @@ let serverConnection;
 /** @type {Object} */
 let groupStatus = {};
 
+/** @type {boolean} */
+let pwAuth = false;
+
 /** @type {string} */
 let token = null;
 
@@ -331,6 +334,24 @@ async function gotConnected() {
     await join(again);
 }
 
+/**
+ * @param {string} username
+ */
+function setChangePassword(username) {
+    let s = document.getElementById('chpwspan');
+    let a = s.children[0];
+    if(!(a instanceof HTMLAnchorElement))
+        throw new Error('Bad type for chpwspan');
+    if(username) {
+        a.href = `/change-password.html?group=${encodeURI(group)}&username=${encodeURI(username)}`;
+        a.target = '_blank';
+        s.classList.remove('invisible');
+    } else {
+        a.href = null;
+        s.classList.add('invisible');
+    }
+}
+
 /**
  * @param {boolean} again
  */
@@ -338,6 +359,7 @@ async function join(again) {
     let username = getInputElement('username').value.trim();
     let credentials;
     if(token) {
+        pwAuth = false;
         credentials = {
             type: 'token',
             token: token,
@@ -349,15 +371,18 @@ async function join(again) {
     } else {
         let pw = getInputElement('password').value;
         getInputElement('password').value = '';
-        if(!groupStatus.authServer)
+        if(!groupStatus.authServer) {
+            pwAuth = true;
             credentials = pw;
-        else
+        } else {
+            pwAuth = false;
             credentials = {
                 type: 'authServer',
                 authServer: groupStatus.authServer,
                 location: location.href,
                 password: pw,
             };
+        }
     }
 
     try {
@@ -2459,6 +2484,7 @@ async function gotJoined(kind, group, perms, status, data, error, message) {
         this.close();
         token = null;
         setButtonsVisibility();
+        setChangePassword(null);
         return;
     case 'join':
     case 'change':
@@ -2469,6 +2495,9 @@ async function gotJoined(kind, group, perms, status, data, error, message) {
         setTitle((status && status.displayName) || capitalise(group));
         displayUsername();
         setButtonsVisibility();
+        setChangePassword(pwAuth && !!groupStatus.canChangePassword &&
+                          serverConnection.username
+        );
         if(kind === 'change')
             return;
         break;