diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php
index c52bdf8..dcd12ef 100644
--- a/app/Http/Controllers/Api/AuthController.php
+++ b/app/Http/Controllers/Api/AuthController.php
@@ -122,10 +122,15 @@ class AuthController extends Controller
 /** @var User $user */
 $user = Auth::guard('api')->user();
- $validated = $request->validate([
- 'current_password' => ['required', 'current_password:api'],
+ $rules = [
 'password' => ['required', 'confirmed', Password::min(6)],
- ]);
+ ];
+
+ if (! $user->force_password_change) {
+ $rules['current_password'] = ['required', 'current_password:api'];
+ }
+
+ $validated = $request->validate($rules);
 $user->password = $validated['password'];
 $user->force_password_change = false;
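Review bot: When `force_password_change` is set, the new `if (! $user->force_password_change)` branch drops the `current_password:api` rule, so any bearer of a valid `api` guard token can set a new password without proving knowledge of the old one. A user in the forced-change state has presumably just signed in with the temporary password, so keeping `'current_password' => ['required', 'current_password:api']` in `$rules` unconditionally costs little and stops a leaked or replayed token from turning into a permanent credential change. If the skip is a product requirement, I would at least limit it to the token issued at the forced-change login and revoke the user's other tokens after the save; whether that happens is not visible, since the method starts and ends outside the hunk. Separately, `Password::min(6)` on the retained line is a low floor for an account that has just been reset.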