diff --git a/backend/app/Http/Controllers/Auth/RegisteredUserController.php b/backend/app/Http/Controllers/Auth/RegisteredUserController.php
index 00d2649..c19fb66 100644
--- a/backend/app/Http/Controllers/Auth/RegisteredUserController.php
+++ b/backend/app/Http/Controllers/Auth/RegisteredUserController.php
@@ -126,4 +126,22 @@ class RegisteredUserController extends Controller
 
         return response()->noContent();
     }
+
+    public function change_password(Request $request)
+    {
+        $user = auth()->user();
+
+        if ($user->role !== 'STUDENT') {
+            return response()->json(['message' => 'Only students...'], 403);
+        }
+
+        $request->validate([
+            'password' => ['required', 'string', 'min:8', 'confirmed'],
+        ]);
+
+        $user->password = Hash::make($request->password);
+        $user->save();
+
+        return response()->json(['message' => 'Password successfully changed.']);
+    }
 }
\ No newline at end of file
diff --git a/backend/routes/api.php b/backend/routes/api.php
index 76ebbc0..802c184 100644
--- a/backend/routes/api.php
+++ b/backend/routes/api.php
@@ -23,11 +23,12 @@ Route::middleware(['auth:sanctum'])->get('/user', function (Request $request) {
 });
 
 Route::middleware(['auth:sanctum'])->prefix('/students')->group(function () {
+    Route::post('/change-password', [RegisteredUserController::class, 'change_password']);
     Route::get('/', [StudentDataController::class, 'all']);
     Route::get('/{id}', [StudentDataController::class, 'get']);
     Route::post('/{id}', [StudentDataController::class, 'update_all']);
     Route::delete('/{id}', [StudentDataController::class, 'delete']);
-    Route::post('/students/change-password', [StudentDataController::class, 'change_password']);
+
 });
 
 Route::post('/password-reset', [RegisteredUserController::class, 'reset_password'])