diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index da8817c..5eae569 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,5 @@
 class UsersController < ApplicationController
-  before_action :find_user
+  before_action :set_user
 
   def show
   end
@@ -14,7 +14,7 @@ class UsersController < ApplicationController
 
   private
 
-  def find_user
+  def set_user
     @user = User.new(name: session[:user_name])
   end
 
diff --git a/app/models/user.rb b/app/models/user.rb
index f432e62..6860d3e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -57,7 +57,9 @@ class User
   end
 
   def valid_password_confirmation
-    password == password_confirmation
+    if password != password_confirmation
+      errors.add(:password, :confirmation, attribute: User.human_attribute_name(:password_confirmation))
+    end
   end
 
   def stretching_cost
diff --git a/spec/features/sessions_spec.rb b/spec/features/sessions_spec.rb
index bc6e826..39978b0 100644
--- a/spec/features/sessions_spec.rb
+++ b/spec/features/sessions_spec.rb
@@ -43,7 +43,7 @@ describe "sessions" do
 
     after do
       # reset password to the default
-      FileUtils.rm_rf(User::ENCRYPTED_PASSWORD_FILE)
+      FileUtils.rm_f(User::ENCRYPTED_PASSWORD_FILE)
     end
 
     context "correct password" do
diff --git a/spec/features/users_spec.rb b/spec/features/users_spec.rb
index 5eeb8a2..177deb1 100644
--- a/spec/features/users_spec.rb
+++ b/spec/features/users_spec.rb
@@ -1,9 +1,53 @@
 require "spec_helper"
 
 describe "users" do
-  describe "edit" do
+  describe "visit edit page before login" do
     let(:url) { user_path }
     it_should_behave_like "login required"
   end
 
+  describe "edit" do
+    let!(:user) { build(:user) }
+
+    before do
+      login_with user
+    end
+
+    after do
+      # reset password to the default
+      FileUtils.rm_f(User::ENCRYPTED_PASSWORD_FILE)
+    end
+
+    describe 'to change password' do
+      let(:current_password) { user.password }
+      let(:password) { 'new_password' }
+
+      before do
+        visit user_path
+        fill_in 'user[current_password]', with: current_password
+
+        fill_in 'user[password]', with: password
+        fill_in 'user[password_confirmation]', with: password_confirmation
+        click_button I18n.t("terms.update_password")
+      end
+
+      context 'when valid new password/confirmation is input' do
+        let(:password_confirmation) { password }
+
+        it 'should update users password with new password' do
+          expect(page).to have_css('.alert-success')
+          expect(user.stored_digest).to eq user.digest(password)
+        end
+      end
+
+      context 'when invalid new password/confirmation is input' do
+        let(:password_confirmation) { 'invalid_password' }
+
+        it 'should not update users password with new password' do
+          expect(page).to have_css('.alert-danger')
+          expect(user.stored_digest).to eq user.digest(current_password)
+        end
+      end
+    end
+  end
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 07c3bb1..45f543a 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -4,11 +4,55 @@ describe User do
   let(:user) { build(:user) }
 
   describe "#valid?" do
+    subject { user.valid? }
+
     describe "password" do
-      it "password != password_confirmation is invalid" do
-        user.password = "a"
-        user.password_confirmation = "b"
-        user.should_not be_valid
+      before do
+        user.current_password = current_password
+        user.password = password
+        user.password_confirmation = password_confirmation
+      end
+
+      context 'when current_password is correct' do
+        let(:current_password) { user.password }
+
+        context 'when password/confirmation is 8 characters' do
+          let(:password) { 'a' * 8 }
+          let(:password_confirmation) { password }
+
+          it { should be_truthy }
+        end
+
+        context 'when password is 7 characters' do
+          let(:password) { 'a' * 7 }
+          let(:password_confirmation) { password }
+
+          it 'should return false' do
+            should be_falsey
+            user.errors.keys.should == [:password]
+          end
+        end
+
+        context 'when password != password_confirmation' do
+          let(:password) { 'a' * 8 }
+          let(:password_confirmation) { 'b' * 8 }
+
+          it 'should return false' do
+            should be_falsey
+            user.errors.keys.should == [:password]
+          end
+        end
+      end
+
+      context 'when current_password is wrong' do
+        let(:current_password) { 'invalid_password' }
+        let(:password) { 'a' * 8 }
+        let(:password_confirmation) { password }
+
+        it 'should return false' do
+          should be_falsey
+          user.errors.keys.should == [:current_password]
+        end
       end
     end
   end