diff --git a/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java b/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java
index b3c7c6f..dce9cef 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java
@@ -5,5 +5,6 @@ public interface SecurityURI {
 String LOGIN = "/login";
 String REGISTER = "/signup";
 String CHANGE_PASSWORD = "/change-password";
+ String FIRST_LOGIN = "/first-login";
 String RESET_PASSWORD = "/reset-password";
 }
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java b/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java
index 1d1b3a9..8b443e2 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java
@@ -55,6 +55,15 @@ public class AuthenticationController {
 return new ResponseEntity<>(response, HttpStatus.OK);
 }
 
+ @PostMapping(SecurityURI.FIRST_LOGIN)
+ public ResponseEntity> firstLogin(@RequestBody ChangePasswordDTO request) {
+ String message = userService.firstLogin(request);
+ Map response = new HashMap<>();
+ response.put("message", message);
+
+ return new ResponseEntity<>(response, HttpStatus.OK);
+ }
+
 @PostMapping(SecurityURI.RESET_PASSWORD)
 public ResponseEntity> resetPassword(@RequestBody ResetPasswordDTO request) {
 String message = userService.resetPassword(request);
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
index af6efe2..9c69ca1 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
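Review bot: The new `firstLogin` handler in AuthenticationController takes the body with a bare `@RequestBody`, and the account whose password changes is chosen by the `userId` field of that body (the service calls `request.getUserId()`), not by the authenticated caller. Whether `/first-login` sits behind authentication is not visible in this diff; if the `SecurityURI` constants feed a permit-all list, the route accepts repeated old-password attempts against any user ID and should get the same attempt limiting or lockout as `LOGIN`. I would validate the payload at the boundary, `firstLogin(@Valid @RequestBody ChangePasswordDTO request)`, assuming the DTO carries bean-validation constraints. I would also add a comment above the mapping: `// Pre-session password change: target user comes from the request body; keep under the same throttling as LOGIN.`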
@@ -61,6 +61,21 @@ public class UserService {
 return "Password changed successfully";
 }
 
+ @Transactional
+ public String firstLogin(ChangePasswordDTO request) {
+ User user = userRepository.findById(request.getUserId())
+ .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + request.getUserId()));
+
+ boolean isPasswordValid = PasswordEncryptionService.verifyPassword(request.getOldPassword(), user.getPassword());
+ if(!isPasswordValid) {
+ throw new OldPasswordNotMatch(request.getPorOrgacode());
+ }
+ user.setPassword(passwordEncryptionService.hashPassword(request.getNewPassword()));
+ user.setFirstLogin(false);
+ userRepository.save(user);
+ return "Password changed successfully";
+ }
+
 @Transactional
 public String resetPassword(ResetPasswordDTO request) {
 User user = userRepository.findById(request.getUserId())
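Review bot: `firstLogin` never checks that the account is still in its first-login state before replacing the password, so the route keeps working as a second change-password path after `setFirstLogin(false)` has run, outside whatever checks `changePassword` applies (its body is above this hunk and not shown). A guard right after the lookup would close that, e.g. `if (!user.isFirstLogin()) { throw new IllegalStateException("First login already completed"); }`; the getter name is assumed from `setFirstLogin`, and the exception should be whichever type the project maps to a 4xx response. The two failure paths are also distinguishable (`EntityNotFoundException` carrying the ID versus `OldPasswordNotMatch`), which tells a caller which user IDs exist; returning the same error for both is safer if this route is reachable without a session. Nothing here rejects a new password equal to the old one, which defeats the purpose of forcing a change on first login.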