diff --git a/occupi-backend/pkg/handlers/api_handlers.go b/occupi-backend/pkg/handlers/api_handlers.go
index db32b9b6..db7e8e56 100644
--- a/occupi-backend/pkg/handlers/api_handlers.go
+++ b/occupi-backend/pkg/handlers/api_handlers.go
@@ -514,10 +514,22 @@ func UpdateSecuritySettings(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
+	// check if the password match
+	if securitySettings.NewPassword != "" && securitySettings.NewPassword != securitySettings.NewPasswordConfirm {
+		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
+			http.StatusBadRequest,
+			"Invalid request payload",
+			constants.InvalidRequestPayloadCode,
+			"New password and new password confirm do not match",
+			nil))
+		return
+	}
+
 	// Validate the given passwords if they exist
 	if securitySettings.CurrentPassword != "" && securitySettings.NewPassword != "" && securitySettings.NewPasswordConfirm != "" {
 		securitySetting, err := SanitizeSecuritySettingsPassword(ctx, appsession, securitySettings)
 		if err != nil {
+			logrus.Error("Failed to sanitize security settings because: ", err)
 			return
 		}
diff --git a/occupi-backend/pkg/handlers/auth_helpers.go b/occupi-backend/pkg/handlers/auth_helpers.go
index 2bb4dc9f..9cb4d95d 100644
--- a/occupi-backend/pkg/handlers/auth_helpers.go
+++ b/occupi-backend/pkg/handlers/auth_helpers.go
@@ -383,12 +383,14 @@ func SanitizeSecuritySettingsPassword(ctx *gin.Context, appsession *models.AppSe
 	password, err := database.GetPassword(ctx, appsession, securitySettings.Email)
 	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
 		return models.SecuritySettingsRequest{}, err
 	}
 	match, err := utils.CompareArgon2IDHash(securitySettings.CurrentPassword, password)
 	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
 		return models.SecuritySettingsRequest{}, err
 	}
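Review bot: The mismatch check added at the top of the hunk only fires when `NewPassword` is non-empty, so a body that sets `NewPasswordConfirm` but leaves `NewPassword` blank is neither rejected here nor validated by the following block (which requires all three password fields), and falls through to whatever UpdateSecuritySettings does next outside the hunk; dropping the guard, `if securitySettings.NewPassword != securitySettings.NewPasswordConfirm {`, reports every mismatch and still passes when both fields are empty. The new `logrus.Error` followed by a bare `return` relies on SanitizeSecuritySettingsPassword having already written the HTTP response on every error path, a contract the handler cannot see from here — record it with `// SanitizeSecuritySettingsPassword writes the error response itself; only log here.` or have the handler write its own 500 so an unanswered request is impossible. The logged `err` may carry storage-layer detail (it originates from the database lookup or the hash comparison), so keep it in the log only and never in the client response, as the hunk currently does. UpdateSecuritySettings begins and continues outside the hunk.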
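Review bot: Writing the response with `ctx.JSON` inside SanitizeSecuritySettingsPassword on both new lines while also returning `err` splits one responsibility across two functions: every caller must now know that a non-nil error means the response was already sent, and any error path in this function that does not call `ctx.JSON` (the `match == false` handling is outside the hunk, so I cannot confirm it does) would leave the request without a response. A cleaner shape is to keep this helper free of HTTP writes, return the error, and let the handler map it to a status; failing that, the function's doc comment should state `// On error the HTTP error response has already been written to ctx; callers must only return.` Both new paths also turn any `database.GetPassword` failure into a 500, which presumably includes an unknown email if the database layer reports a lookup miss as an error rather than a sentinel; distinguishing not-found from a backend fault would give the client the correct status without revealing more. Using the generic `utils.InternalServerError()` body rather than `err.Error()` is the right call here, since the argon2 decode or database error text could expose storage details. The function continues outside the hunk.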