diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py
index c1b129571..76573d2e9 100644
--- a/app/notify_client/user_api_client.py
+++ b/app/notify_client/user_api_client.py
@@ -72,6 +72,12 @@ class UserApiClient(NotifyAdminAPIClient):
         user_data = self.post(url, data=data)
         return User(user_data['data'], max_failed_login_count=self.max_failed_login_count)
 
+    def update_password(self, user_id, password):
+        data = {"_password": password}
+        url = "/user/{}/update-password".format(user_id)
+        user_data = self.post(url, data=data)
+        return User(user_data['data'], max_failed_login_count=self.max_failed_login_count)
+
     def verify_password(self, user_id, password):
         try:
             url = "/user/{}/verify/password".format(user_id)
diff --git a/tests/app/notify_client/test_user_client.py b/tests/app/notify_client/test_user_client.py
index 9062ba8bd..9c056c42b 100644
--- a/tests/app/notify_client/test_user_client.py
+++ b/tests/app/notify_client/test_user_client.py
@@ -22,3 +22,14 @@ def test_client_only_updates_allowed_attributes(mocker):
     with pytest.raises(TypeError) as error:
         UserApiClient().update_user_attribute('user_id', id='1')
     assert str(error.value) == 'Not allowed to update user attributes: id'
+
+
+def test_client_updates_password_separately(mocker, api_user_active):
+    expected_url = '/user/{}/update-password'.format(api_user_active.id)
+    expected_params = {'_password': 'newpassword'}
+    client = UserApiClient()
+    client.max_failed_login_count = 1  # doesn't matter for this test
+    mock_update_password = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')
+
+    client.update_password(api_user_active.id, expected_params['_password'])
+    mock_update_password.assert_called_once_with(expected_url, data=expected_params)