diff --git a/application/applicationservice/user.go b/application/applicationservice/user.go
index 29d8b2a..094ec1e 100644
--- a/application/applicationservice/user.go
+++ b/application/applicationservice/user.go
@@ -172,6 +172,11 @@ func (s *userService) UpdateLogin(user viewmodel.User) error {
 return s.svc.Users.UpdateLogin(eUser)
 }
 
+func (s *userService) UpdateLoginPassword(user viewmodel.User) error {
+ eUser := s.mapEntity.User.ToUserEntity(user)
+ return s.svc.Users.UpdateLoginPassword(eUser)
+}
+
 func (s *userService) SaveAddress(address viewmodel.Address) (retVal viewmodel.Address, err error) {
 entity := s.mapEntity.Address.ToAddressEntity(address)
 entity, err = s.svc.Users.SaveAddress(entity)
diff --git a/data/datamysql/user.go b/data/datamysql/user.go
index 5c681bc..bf7549e 100644
--- a/data/datamysql/user.go
+++ b/data/datamysql/user.go
@@ -462,6 +462,22 @@ func (c *userRepo) UpdateLogin(user entity.User) error {
 return nil
 }
 
+func (c *userRepo) UpdateLoginPassword(user entity.User) error {
+ const (
+ query = `UPDATE tab_login a
+ INNER JOIN tab_user b
+ ON a.user_id = b.user_id
+ SET a.password = sha2(?, 512)
+ WHERE b.user_uuid = ?`
+ )
+
+ if _, err := c.conn.Exec(query, user.Pass, user.UUID); err != nil {
+ return err
+ }
+
+ return nil
+}
+
 func (c *userRepo) RemoveContact(contact entity.ContactInfo) (entity.ContactInfo, error) {
 const (
 query = `DELETE FROM tab_contact WHERE contact_uuid = ?;`
diff --git a/domain/contract/repo.go b/domain/contract/repo.go
index 6d07202..98635f4 100644
--- a/domain/contract/repo.go
+++ b/domain/contract/repo.go
@@ -35,6 +35,7 @@ type UserRepo interface {
 SaveContact(contact entity.ContactInfo) (entity.ContactInfo, error)
 RemoveContact(contact entity.ContactInfo) (entity.ContactInfo, error)
 UpdateLogin(user entity.User) error
+ UpdateLoginPassword(user entity.User) error
 }
 
 // RideRepo defines the data set for Rides
diff --git a/domain/service/user.go b/domain/service/user.go
index ca53aab..73a5849 100644
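Review bot: `UpdateLoginPassword` in application/applicationservice/user.go is added without a doc comment, and the same holds for the new methods in data/datamysql/user.go, domain/contract/repo.go and domain/service/user.go, so nothing tells a caller that the user value carries the new password in plaintext. A comment such as `// UpdateLoginPassword replaces the stored login password for the given user; the user's Pass field holds the new plaintext password and must not be logged.` on each of them would make that contract explicit. The repository implementation reads only `user.Pass` and `user.UUID`, which is worth stating on that method.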
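Review bot: `SET a.password = sha2(?, 512)` in `UpdateLoginPassword` (data/datamysql/user.go) stores a single unsalted SHA-512 digest, which is a fast hash that yields identical digests for identical passwords, so a leaked `tab_login` table offers little resistance to offline guessing. It also hands the plaintext password to the database as a statement parameter, where it may reach server-side query logs depending on configuration. Prefer hashing in the application with a dedicated password hash, for example `hash, err := bcrypt.GenerateFromPassword([]byte(user.Pass), bcrypt.DefaultCost)` from golang.org/x/crypto/bcrypt (if the project can take that dependency) together with `SET a.password = ?`, and migrate the login check and `UpdateLogin` with it; both are outside this hunk and presumably use the same sha2 scheme. The `Exec` result is also discarded, so a UUID that matches no row returns nil and the reset is reported as successful; checking `RowsAffected()` would catch that, keeping in mind that MySQL by default counts changed rows rather than matched rows.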
--- a/domain/service/user.go
+++ b/domain/service/user.go
@@ -80,6 +80,10 @@ func (s *userService) UpdateLogin(user entity.User) error {
 return s.svc.db.Users().UpdateLogin(user)
 }
 
+func (s *userService) UpdateLoginPassword(user entity.User) error {
+ return s.svc.db.Users().UpdateLoginPassword(user)
+}
+
 // GetUsersByProfile returns a list of users by profile
 func (s *userService) GetUsersByProfile(profile string) ([]entity.User, error) {
 return s.svc.db.Users().GetUsersByProfile(profile)
diff --git a/server/router/passwordresetroute/controller.go b/server/router/passwordresetroute/controller.go
index 70ea908..0329b1c 100644
--- a/server/router/passwordresetroute/controller.go
+++ b/server/router/passwordresetroute/controller.go
@@ -115,33 +115,33 @@ func (c *controller) handleResetComplete(ctx echo.Context) error {
 }
 
 if len(strings.TrimSpace(user.Pass)) < 1 {
- routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
+ return routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
 }
 
 passwordResetEntry, err := c.svc.PasswordReset.GetByToken(userToken)
 if err != nil || len(passwordResetEntry.Token) < 1 || passwordResetEntry.Expires.Before(time.Now()) || passwordResetEntry.Used == true {
- routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
+ return routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")
 }
 
 fullUserData, err := c.svc.Users.GetByUUID(passwordResetEntry.User.ID, "")
 if err != nil {
- routeutils.ResponseAPIPasswordResetFailed(ctx, "User problem")
+ return routeutils.ResponseAPIPasswordResetFailed(ctx, "User error")
 }
 
- fmt.Println(fullUserData)
-
- //write new password in database
- //TODO
+ fullUserData.Pass = user.Pass //user contains just password sent from reset form
+ if err = c.svc.Users.UpdateLoginPassword(fullUserData); err != nil {
+ return routeutils.ResponseAPIPasswordResetFailed(ctx, "Error updating password")
+ }
 
 if err := c.svc.PasswordReset.SetTokenUsed(userToken); err != nil {
- routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
+ return routeutils.ResponseAPIPasswordResetFailed(ctx, "Reset failed")
 }
 
 //Send email with reset link
 notification := viewmodel.Notification{
 Type: applicationservice.NotificationTypeEmail,
 From: c.cfg.Email.Sender,
- To: *user.Email,
+ To: *fullUserData.Email,
 Subject: passwordResetCompleteEmailSubject,
 Message: passwordResetCompleteEmailBody,
 }
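Review bot: The reset token is marked used only after `UpdateLoginPassword` has succeeded, and the validity check (`GetByToken` with `Used == true`) and `SetTokenUsed` are separate calls, so two requests carrying the same token can both pass the check and both change the password. If `SetTokenUsed` then fails, the password has already changed while the token stays valid until it expires, and the client is told "Reset failed". Consider calling `c.svc.PasswordReset.SetTokenUsed(userToken)` before the password update and making it a conditional update that reports whether this request actually flipped the flag (its implementation is outside this diff, so that part is an assumption), or running both writes in one transaction. Separately, `To: *fullUserData.Email` dereferences a pointer with no nil check; `if fullUserData.Email == nil { return routeutils.ResponseAPIPasswordResetFailed(ctx, "User error") }` ahead of the notification would avoid a panic for an account without an address. The body of `handleResetComplete` starts and ends outside this hunk.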