diff --git a/Gemfile.lock b/Gemfile.lock
index 8534f580a..5ae63f097 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -116,7 +116,6 @@ GEM
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       selenium-webdriver (>= 0.0.3)
-    columnize (0.3.1)
     crack (0.1.8)
     cucumber (0.9.0)
       builder (~> 2.1.2)
@@ -152,7 +151,6 @@ GEM
     i18n (0.4.1)
     json (1.4.6)
     json_pure (1.4.6)
-    linecache (0.43)
     mail (2.2.6.1)
       activesupport (>= 2.3.6)
       mime-types
@@ -201,7 +199,6 @@ GEM
       rake (>= 0.8.4)
       thor (~> 0.14.0)
     rake (0.8.7)
-    redgreen (1.2.2)
     rest-client (1.6.1)
       mime-types (>= 1.16)
     rspec (2.0.0.beta.22)
@@ -217,11 +214,6 @@ GEM
     rspec-rails (2.0.0.beta.17)
       rspec (>= 2.0.0.beta.14)
       webrat (>= 0.7.0)
-    ruby-debug (0.10.3)
-      columnize (>= 0.1)
-      ruby-debug-base (~> 0.10.3.0)
-    ruby-debug-base (0.10.3)
-      linecache (>= 0.3)
     rubyzip (0.9.4)
     selenium-webdriver (0.0.28)
       ffi (>= 0.6.1)
@@ -258,7 +250,7 @@ DEPENDENCIES
   autotest
   bson (= 1.0.7)
   bson_ext (= 1.0.7)
-  bundler (= 1.0.0)
+  bundler (>= 1.0.0)
   capybara (~> 0.3.9)
   carrierwave!
   cucumber-rails (= 0.3.2)
@@ -278,11 +270,9 @@ DEPENDENCIES
   pubsubhubbub
   rails (= 3.0.0)
   redfinger!
-  redgreen
   roxml!
   rspec (>= 2.0.0.beta.17)
   rspec-rails (= 2.0.0.beta.17)
-  ruby-debug
   sprinkle!
   thin
   webmock
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1cc280577..4a68d8bd2 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -21,12 +21,25 @@ class UsersController < ApplicationController
 
   def update
     @user = current_user
-
     data = clean_hash params[:user]
     prep_image_url(data)
 
+
+    params[:user].delete(:password) if params[:user][:password].blank?
+    params[:user].delete(:password_confirmation) if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
+    
+    if params[:user][:password] && params[:user][:password_confirmation]
+      if @user.update_attributes(:password => params[:user][:password], :password_confirmation => params[:user][:password_confirmation])
+        flash[:notice] = "Password Changed"
+      else
+        flash[:error] = "Password Change Failed"
+      end
+      
+    end
+    
     @user.update_profile data
-    respond_with(@user, :location => root_url)
+    redirect_to edit_user_path(@user)
+
   end
 
   def public
diff --git a/app/views/users/_profile.haml b/app/views/users/_profile.haml
index 2b26eead0..78304d183 100644
--- a/app/views/users/_profile.haml
+++ b/app/views/users/_profile.haml
@@ -47,6 +47,13 @@
     %p
       = p.label :last_name
       = p.text_field :last_name, :value => @profile.last_name
+  %p
+    = f.label :password
+    = f.text_field :password
+  %p
+    = f.label :password_confirmation
+    = f.text_field :password_confirmation
+
 
   #submit_block
     = link_to t('.cancel'), root_path
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index a050738e1..272775771 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -27,7 +27,42 @@ describe UsersController do
         
         @user.person.profile.image_url.should == image_url
       end
+    end
 
+    context 'should allow the user to update their password' do
+      it 'should change a users password ' do
+        old_password = @user.encrypted_password
+
+        put("update", :id => @user.id, "user"=> {"password" => "foobaz", 'password_confirmation' => "foobaz","profile"=> 
+            {"image_url"   => "",
+            "last_name"  => @user.person.profile.last_name,
+            "first_name" => @user.person.profile.first_name}}) 
+
+        @user.reload
+        @user.encrypted_password.should_not == old_password
+      end
+
+      it 'should not change a password if they do not match' do 
+        old_password = @user.encrypted_password 
+        put("update", :id => @user.id, "user"=> {"password" => "foobarz", 'password_confirmation' => "not_the_same","profile"=> 
+            {"image_url"   => "",
+            "last_name"  => @user.person.profile.last_name,
+            "first_name" => @user.person.profile.first_name}}) 
+          @user.reload
+          @user.encrypted_password.should == old_password
+      end
+  
+
+      it 'should not update if the password fields are left blank' do 
+        
+          old_password = @user.encrypted_password 
+          put("update", :id => @user.id, "user"=> {"password" => "", 'password_confirmation' => "","profile"=> 
+              {"image_url"   => "",
+              "last_name"  => @user.person.profile.last_name,
+              "first_name" => @user.person.profile.first_name}}) 
+            @user.reload
+            @user.encrypted_password.should == old_password
+      end
     end
   end
 end