diff --git a/data/model/legacy.py b/data/model/legacy.py
index aa968408c..2fcbfcf68 100644
--- a/data/model/legacy.py
+++ b/data/model/legacy.py
@@ -905,6 +905,7 @@ def change_password(user, new_password):
   pw_hash = hash_password(new_password)
   user.invalid_login_attempts = 0
   user.password_hash = pw_hash
+  user.uuid = str(uuid4())
   user.save()
 
   # Remove any password required notifications for the user.