diff --git a/flashcards/api.py b/flashcards/api.py
index d473729..f79ab3e 100644
--- a/flashcards/api.py
+++ b/flashcards/api.py
@@ -25,8 +25,16 @@ class UserDetail(APIView):
         if not currentuser.check_password(request.data['old_password']):
             raise ValidationError('Invalid old password')
 
-        currentuser.set_password(request.data['new_password'])
-        currentuser.save()
+        send_mail("Please verify your Flashy account",
+                  body % currentuser.confirmation_key,
+                  "noreply@flashy.cards",
+                  [currentuser.email])
+
+        currentuser.confirm_email( currentuser.confirmation_key )
+
+        if currentuser.isconfirmed
+            currentuser.set_password(request.data['new_password'])
+            currentuser.save()
 
         return Response(status=status.HTTP_204_NO_CONTENT)