diff --git a/firstuseauthenticator/firstuseauthenticator.py b/firstuseauthenticator/firstuseauthenticator.py
index a95bcfd..7836b8f 100644
--- a/firstuseauthenticator/firstuseauthenticator.py
+++ b/firstuseauthenticator/firstuseauthenticator.py
@@ -46,6 +46,21 @@ class ResetPasswordHandler(BaseHandler):
 html = self.render_template('reset.html')
 self.finish(html)
+ async def post(self):
+ data = {}
+ for arg in self.request.arguments:
+ data[arg] = self.get_argument(arg, strip=False)
+ user = self.get_current_user()
+ data['username'] = user.name
+ self.authenticator.reset_password(data)
+
+ html = self.render_template(
+ 'reset.html',
+ result=True,
+ result_message='password changed successfully',
+ )
+ self.finish(html)
+
 class FirstUseAuthenticator(Authenticator):
 """
@@ -95,7 +110,8 @@ class FirstUseAuthenticator(Authenticator):
 if bcrypt.hashpw(password.encode(), stored_pw) != stored_pw:
 return None
 else:
- db[username] = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
+ db[username] = bcrypt.hashpw(password.encode(),
+ bcrypt.gensalt())
 return username
 def delete_user(self, user):
@@ -108,10 +124,17 @@ class FirstUseAuthenticator(Authenticator):
 del db[user.name]
 def reset_password(self, data):
+ """
+ This allow to change password of a logged user.
+ """
 username = data['username']
 new_password = data['password']
- db[username] = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt())
+
+ with dbm.open(self.dbm_path, 'c', 0o600) as db:
+ db[username] = bcrypt.hashpw(new_password.encode(),
+ bcrypt.gensalt())
 return username
 def get_handlers(self, app):
- return super().get_handlers(app) + [(r'/auth/change-password', ResetPasswordHandler)]
+ return super().get_handlers(app) + [(r'/auth/change-password',
+ ResetPasswordHandler)]
diff --git a/firstuseauthenticator/templates/reset.html b/firstuseauthenticator/templates/reset.html
index e0b9988..4f16f3a 100644
--- a/firstuseauthenticator/templates/reset.html
+++ b/firstuseauthenticator/templates/reset.html
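Review bot: The added `ResetPasswordHandler.post` in the first hunk has no authentication guard of its own: if `self.get_current_user()` returns `None` for a request without a valid login, `user.name` raises and the handler answers with a 500 instead of sending the client to the login page. Decorating it with tornado's `@web.authenticated` (assuming `web` is imported in this file, which the hunk does not show) makes the requirement explicit. The loop also copies every request argument, query string included, into `data`; reading only what is needed with `new_password = self.get_body_argument('password', strip=False)` keeps the password out of URLs and access logs and rejects a missing field with a 400. The `get` method above starts outside the hunk, so whether it is already decorated cannot be seen here.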
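Review bot: `reset_password` in the third hunk hashes and stores whatever `data['password']` holds, so an empty string becomes a valid credential and a missing key surfaces as a `KeyError`. A guard before the `dbm.open` call, e.g. `if not new_password: raise ValueError('password must not be empty')`, would close that, with the handler turning the error into a 4xx response. The method also never checks the current password, so anyone holding a live session for the account can replace its credential; consider taking the old password as well and verifying it with `bcrypt.checkpw` before the write. The docstring would read better as `Change the password of a logged-in user.`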
@@ -3,35 +3,14 @@ {% block main %}
+ {{result_message}} +
+{% endif %}