diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 1e7a093..6035228 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -2,7 +2,7 @@ class AccountController < ApplicationController
 
   no_design_blocks
 
-  before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
+  before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password]
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
   before_filter :protect_from_bots, :only => :signup
 
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index da0e991..c5b6189 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -213,6 +213,11 @@ class AccountControllerTest < ActionController::TestCase
     assert_equal users(:ze), @controller.send(:current_user)
   end
 
+  should 'require login to change password' do
+    post :change_password
+    assert_redirected_to :controller => 'account', :action => 'login'
+  end
+
   should 'provide a "I forget my password" link at the login page' do
     get :login
     assert_tag :tag => 'a', :attributes => {
--
libgit2 0.21.2