diff --git a/docker/backend/src/mw/auth.cr b/docker/backend/src/mw/auth.cr
index 5da55e4..3906438 100644
--- a/docker/backend/src/mw/auth.cr
+++ b/docker/backend/src/mw/auth.cr
@@ -26,7 +26,7 @@ module MW
 JWT.encode(payload.to_h, ENV_REQUESTER["BACKEND_JWT_SECRET"], JWT::Algorithm::HS256)
 end
 
- def create_user_jwt(user_id : Int, expiration : Int = (Time.utc + Time::Span.new(days: 1)).to_unix) : String
+ def create_user_jwt(user_id : Int, expiration : Int = (Time.utc + Time::Span.new(hours: 6)).to_unix) : String
 create_jwt({user_id: user_id}, expiration)
 end
 
diff --git a/docker/backend/src/mw/schema/mutation.cr b/docker/backend/src/mw/schema/mutation.cr
index 2ae8a96..9762ba2 100644
--- a/docker/backend/src/mw/schema/mutation.cr
+++ b/docker/backend/src/mw/schema/mutation.cr
@@ -15,6 +15,22 @@ module MW
 )
 end
 
+ @[GraphQL::Field]
+ def update_password(context : Context, password : String) : LoginPayload
+ context.authenticated!
+
+ if Auth.verify_password?(password, context.user.not_nil!.password)
+ raise "New password must be different from old password"
+ end
+
+ context.user.not_nil!.update!(password: Auth.hash_password(password))
+
+ LoginPayload.new(
+ user: User.new(context.user.not_nil!),
+ token: Auth.create_user_jwt(context.user.not_nil!.id.not_nil!.to_i),
+ )
+ end
+
 @[GraphQL::Field]
 def create_user(context : Context, input : UserCreateInput) : User
 context.admin!
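Review bot: In auth.cr the token lifetime is still a bare literal inside the default argument of `create_user_jwt`, so the value that bounds how long a leaked user token is accepted is easy to overlook and carries no rationale. I would lift it into a named constant with a comment, e.g. `USER_JWT_LIFETIME = 6.hours # upper bound on how long an issued user token stays valid`, and write the default as `(Time.utc + USER_JWT_LIFETIME).to_unix`. That also gives later changes to the lifetime a single, documented place to edit.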
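Review bot: `update_password` in mutation.cr takes only the new password, so anyone holding a valid token can replace the account password without knowing the current one; `context.authenticated!` is the only gate visible in the hunk. Take the current password as an extra argument and check it first, e.g. `def update_password(context : Context, current_password : String, password : String) : LoginPayload` with `raise "Current password is incorrect" unless Auth.verify_password?(current_password, context.user.not_nil!.password)`. The payload built in auth.cr appears to carry only `user_id` and an expiry, so tokens issued before the change presumably stay valid until they expire; if so, verification should also reject tokens older than the last password change (a per-user timestamp or token version). No length or emptiness check on `password` is visible here, so confirm that `Auth.hash_password` or the model validates it.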