diff --git a/src/langbot/pkg/api/http/controller/groups/system.py b/src/langbot/pkg/api/http/controller/groups/system.py
index b5a0db80..ddbb2fda 100644
--- a/src/langbot/pkg/api/http/controller/groups/system.py
+++ b/src/langbot/pkg/api/http/controller/groups/system.py
@@ -23,6 +23,9 @@ class SystemRouterGroup(group.RouterGroup):
                         if 'cloud_service_url' in self.ap.instance_config.data.get('plugin', {})
                         else 'https://space.langbot.app'
                     ),
+                    'allow_change_password': self.ap.instance_config.data.get('system', {}).get(
+                        'allow_change_password', True
+                    ),
                 }
             )
 
diff --git a/src/langbot/pkg/api/http/controller/groups/user.py b/src/langbot/pkg/api/http/controller/groups/user.py
index f1525a6b..0a5aad77 100644
--- a/src/langbot/pkg/api/http/controller/groups/user.py
+++ b/src/langbot/pkg/api/http/controller/groups/user.py
@@ -70,6 +70,13 @@ class UserRouterGroup(group.RouterGroup):
 
         @self.route('/change-password', methods=['POST'], auth_type=group.AuthType.USER_TOKEN)
         async def _(user_email: str) -> str:
+            # Check if password change is allowed
+            allow_change_password = self.ap.instance_config.data.get('system', {}).get(
+                'allow_change_password', True
+            )
+            if not allow_change_password:
+                return self.http_status(403, -1, 'Password change is disabled')
+
             json_data = await quart.request.json
 
             current_password = json_data['current_password']
diff --git a/src/langbot/templates/config.yaml b/src/langbot/templates/config.yaml
index 5b99b135..e0e95b0b 100644
--- a/src/langbot/templates/config.yaml
+++ b/src/langbot/templates/config.yaml
@@ -16,6 +16,7 @@ proxy:
     https: ''
 system:
     recovery_key: ''
+    allow_change_password: true
     jwt:
         expire: 604800
         secret: ''
diff --git a/web/src/app/home/components/home-sidebar/HomeSidebar.tsx b/web/src/app/home/components/home-sidebar/HomeSidebar.tsx
index 00575a77..5083613a 100644
--- a/web/src/app/home/components/home-sidebar/HomeSidebar.tsx
+++ b/web/src/app/home/components/home-sidebar/HomeSidebar.tsx
@@ -299,24 +299,26 @@ export default function HomeSidebar({
                 </svg>
                 {t('common.helpDocs')}
               </Button>
-              <Button
-                variant="ghost"
-                className="w-full justify-start font-normal"
-                onClick={() => {
-                  setPasswordChangeOpen(true);
-                  setPopoverOpen(false);
-                }}
-              >
-                <svg
-                  xmlns="http://www.w3.org/2000/svg"
-                  viewBox="0 0 24 24"
-                  fill="currentColor"
-                  className="w-4 h-4 mr-2"
+              {systemInfo?.allow_change_password && (
+                <Button
+                  variant="ghost"
+                  className="w-full justify-start font-normal"
+                  onClick={() => {
+                    setPasswordChangeOpen(true);
+                    setPopoverOpen(false);
+                  }}
                 >
-                  <path d="M6 8V7C6 3.68629 8.68629 1 12 1C15.3137 1 18 3.68629 18 7V8H20C20.5523 8 21 8.44772 21 9V21C21 21.5523 20.5523 22 20 22H4C3.44772 22 3 21.5523 3 21V9C3 8.44772 3.44772 8 4 8H6ZM19 10H5V20H19V10ZM11 15.7324C10.4022 15.3866 10 14.7403 10 14C10 12.8954 10.8954 12 12 12C13.1046 12 14 12.8954 14 14C14 14.7403 13.5978 15.3866 13 15.7324V18H11V15.7324ZM8 8H16V7C16 4.79086 14.2091 3 12 3C9.79086 3 8 4.79086 8 7V8Z"></path>
-                </svg>
-                {t('common.changePassword')}
-              </Button>
+                  <svg
+                    xmlns="http://www.w3.org/2000/svg"
+                    viewBox="0 0 24 24"
+                    fill="currentColor"
+                    className="w-4 h-4 mr-2"
+                  >
+                    <path d="M6 8V7C6 3.68629 8.68629 1 12 1C15.3137 1 18 3.68629 18 7V8H20C20.5523 8 21 8.44772 21 9V21C21 21.5523 20.5523 22 20 22H4C3.44772 22 3 21.5523 3 21V9C3 8.44772 3.44772 8 4 8H6ZM19 10H5V20H19V10ZM11 15.7324C10.4022 15.3866 10 14.7403 10 14C10 12.8954 10.8954 12 12 12C13.1046 12 14 12.8954 14 14C14 14.7403 13.5978 15.3866 13 15.7324V18H11V15.7324ZM8 8H16V7C16 4.79086 14.2091 3 12 3C9.79086 3 8 4.79086 8 7V8Z"></path>
+                  </svg>
+                  {t('common.changePassword')}
+                </Button>
+              )}
               <Button
                 variant="ghost"
                 className="w-full justify-start font-normal"
diff --git a/web/src/app/infra/entities/api/index.ts b/web/src/app/infra/entities/api/index.ts
index dc8145fe..9ae309ac 100644
--- a/web/src/app/infra/entities/api/index.ts
+++ b/web/src/app/infra/entities/api/index.ts
@@ -235,6 +235,7 @@ export interface ApiRespSystemInfo {
   version: string;
   cloud_service_url: string;
   enable_marketplace: boolean;
+  allow_change_password: boolean;
 }
 
 export interface ApiRespPluginSystemStatus {
diff --git a/web/src/app/infra/http/index.ts b/web/src/app/infra/http/index.ts
index df46dca0..f14188cc 100644
--- a/web/src/app/infra/http/index.ts
+++ b/web/src/app/infra/http/index.ts
@@ -8,6 +8,7 @@ export let systemInfo: ApiRespSystemInfo = {
   version: '',
   enable_marketplace: true,
   cloud_service_url: '',
+  allow_change_password: true,
 };
 
 /**
