Users of the system can change their passwords using the password window. This has a fairly standard interface where users need to enter their old password, and then input the new password twice to change it. In addition the system administrator can add new users by writing the new user's name in the bottom input line in addition to the new user's password and the administrators old password. The system doesn't report any failures at the database end, so it is possible for the command to fail silently (though this has never happened in my experience). (Something that would be nice to fix if ther's anyone out there).