diff --git a/accounts/views.py b/accounts/views.py
index cdc457a..98a23ac 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -43,6 +43,7 @@ def user_details(request, user):
         'directteams': Team.objects.filter(users__id=user),
         'tab': tab,
         'group_managment': settings.GROUP_MANAGMENT,
+        'password_editable': settings.PASSWORD_EDITABLE,
     })
 
 
@@ -69,6 +70,8 @@ def user_edit(request, user=None):
 
 @project_perm_required('manage_accounts')
 def user_edit_password(request, user):
+    if not settings.PASSWORD_EDITABLE:
+        raise Http404()
     user = get_object_or_404(User, id=user)
     form = AdminPasswordChangeForm(user, request.POST or None)
     if request.method == 'POST' and form.is_valid():
diff --git a/ponytracker/settings.py b/ponytracker/settings.py
index 4a5a5ee..04aa4b9 100644
--- a/ponytracker/settings.py
+++ b/ponytracker/settings.py
@@ -170,3 +170,4 @@ RESERVED_PROJECT_URLS = [
 ]
 
 GROUP_MANAGMENT = True
+PASSWORD_EDITABLE = True
diff --git a/templates/accounts/user_details.html b/templates/accounts/user_details.html
index 833b9e0..03278be 100644
--- a/templates/accounts/user_details.html
+++ b/templates/accounts/user_details.html
@@ -32,7 +32,9 @@
       {% else %}
       <a href="{% url 'activate-user' user.id %}" class="btn btn-default"><span class="glyphicon glyphicon-check"></span> activate</a>
       {% endif %}
+      {% if password_editable %}
       <a href="{% url 'edit-user-password' user.id %}" class="btn btn-info"><span class="glyphicon glyphicon-cog"></span> change password</a>
+      {% endif %}
       <a href="{% url 'edit-user' user.id %}" class="btn btn-primary"><span class="glyphicon glyphicon-edit"></span> edit</a>
       <a href="javascript:void(0);" data-item="delete" data-action="{% url 'delete-user' user.id %}" data-toggle="modal" data-target="#confirm-delete" class="btn btn-danger"><span class="glyphicon glyphicon-trash"></span> delete</a>
     </div>