diff --git a/app/auth/forms.py b/app/auth/forms.py
index 2c7d62b..f05029f 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -20,4 +20,20 @@ class RegistrationForm(FlaskForm):
     def validate_username(self, username):
         user = User.query.filter_by(name=username.data).first()
         if user is not None:
-            raise ValidationError('Please use a different username.')
\ No newline at end of file
+            raise ValidationError('Please use a different username.')
+
+class ChangePasswordForm(FlaskForm):
+    old_password = PasswordField('Old Password', validators=[DataRequired(),
+                                                             Length(min=0, max=128)])
+    new_password = PasswordField('New Password', validators=[DataRequired(),
+                                                             Length(min=0, max=128)])
+    new_password2 = PasswordField(
+        'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
+    submit = SubmitField('Apply')
+
+class SetPasswordForm(FlaskForm):
+    new_password = PasswordField('New Password', validators=[DataRequired(),
+                                                             Length(min=0, max=128)])
+    new_password2 = PasswordField(
+        'Repeat New Password', validators=[DataRequired(), EqualTo('new_password')])
+    submit = SubmitField('Set Password')
diff --git a/app/auth/routes.py b/app/auth/routes.py
index cf5ae3a..7b7d72d 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -6,7 +6,7 @@ from app import db
 from app.auth import bp
 from app.utils import generate_qr_code, serve_pil_image
 from app.models import User
-from app.auth.forms import LoginForm, RegistrationForm
+from app.auth.forms import LoginForm, RegistrationForm, ChangePasswordForm, SetPasswordForm
 
 @bp.route('/login', methods=['GET', 'POST'])
 def login():
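Review bot: `Length(min=0, max=128)` on old_password and new_password in ChangePasswordForm, and on new_password in SetPasswordForm, imposes no minimum length — DataRequired already rejects the empty string, so the validator only caps the field at 128 characters and a one-character password is accepted. If the project wants a minimum length enforced server-side, raising `min` on the two new_password fields is the place to do it, e.g. `Length(min=8, max=128)` (a constructed example value; old_password can keep `min=0` so existing shorter passwords still verify). As written, `Length(min=0, max=128)` is equivalent to `Length(max=128)` and the explicit `min=0` is just noise.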
@@ -94,3 +94,35 @@ def user_qrcode(auth_hash):
         abort(403)
     img = generate_qr_code(url_for('auth.user_hash_login', auth_hash=auth_hash, _external=True))
     return serve_pil_image(img)
+
+@bp.route('/set_password', methods=['GET', 'POST'])
+@bp.route('/change_password', methods=['GET', 'POST'])
+def change_password():
+    auth_hash = request.args.get('auth_hash', default=None, type=str)
+    if auth_hash:
+        user = User.query.filter_by(auth_hash=auth_hash).first_or_404()
+        login_user(user, True)
+        user.last_login = datetime.utcnow()
+    else:
+        if not current_user.is_authenticated:
+            abort(403)
+        user = User.query.filter_by(name=current_user.name).first_or_404()
+    no_old_password = not user.password_hash
+    if no_old_password:
+        form = SetPasswordForm()
+    else:
+        form = ChangePasswordForm()
+
+    if form.validate_on_submit():
+        if not no_old_password:
+            if not user.check_password(form.old_password.data):
+                flash('Invalid password')
+                return redirect(url_for('auth.change_password'))
+        user.set_password(form.new_password.data)
+        db.session.commit()
+        if no_old_password:
+            flash('Your password was set')
+        else:
+            flash('Your password was changed!')
+        return redirect(url_for('main.index'))
+    return render_template('auth/change_password.html', form=form)
\ No newline at end of file
diff --git a/app/main/routes.py b/app/main/routes.py
index a4a4478..bab9237 100644
--- a/app/main/routes.py
+++ b/app/main/routes.py
@@ -324,7 +324,7 @@ def send_location(username):
 
     # Check if previous two locations are exactly the same, if so, only update timestamp of last location
     if last_location:
-        if datetime.utcnow() - last_location.timestamp < timedelta(milliseconds=1):
+        if datetime.utcnow() - last_location.timestamp < timedelta(minutes=1):
             return '', 204
         if latitude == last_location.latitude and longitude == last_location.longitude and len(user.locations) >= 2:
             before_last_location = user.locations[-2]
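Review bot: In change_password, `user.last_login = datetime.utcnow()` in the auth_hash branch is only persisted when the form later validates, because the sole `db.session.commit()` sits inside the `if form.validate_on_submit()` block; a plain GET through the hash link, or a failed submission, leaves that timestamp uncommitted unless the app commits the session somewhere not visible here. Placing `db.session.commit()` directly after the assignment makes the write explicit. The `else:` wrapping `if not current_user.is_authenticated:` reads more simply as `elif not current_user.is_authenticated:` with the abort and the lookup dedented one level. The hash branch also calls `login_user(user, True)` — a remember-me session — on every request carrying the query parameter, which presumably mirrors user_hash_login; if a persistent session is not intended as a side effect of opening the password form, pass `remember=False` here.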
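Review bot: The comment just above the changed line in send_location, `# Check if previous two locations are exactly the same, if so, only update timestamp of last location`, no longer describes the first check it precedes: with `timedelta(minutes=1)` any update arriving within a minute of the last stored location is dropped with a bare 204, regardless of whether the coordinates match, and nothing is updated. A comment on the new condition would keep the intent readable, e.g. `# Throttle: ignore updates arriving less than a minute after the last stored location`. send_location starts and continues outside this hunk.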
@@ -336,4 +336,12 @@ def send_location(username):
 
     user.locations.append(Location(longitude=longitude, latitude=latitude))
     db.session.commit()
-    return '', 204
\ No newline at end of file
+    return '', 204
+
+@bp.route('/user/')
+@login_required
+def user_profile(username):
+    user = User.query.filter_by(name=username).first_or_404()
+    if current_user != user:
+        abort(403)
+    return render_template('user_profile.html', user=user)
\ No newline at end of file
diff --git a/app/templates/auth/user_hash_login.html b/app/templates/auth/user_hash_login.html
index 4a4cd4a..b77f1a3 100644
--- a/app/templates/auth/user_hash_login.html
+++ b/app/templates/auth/user_hash_login.html
@@ -12,7 +12,7 @@ logged out just visit this page again. However, if you want to be sure other people can't steal this account, please set a password.
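Review bot: In user_profile the username is looked up with `first_or_404()` before the ownership check, so an authenticated caller gets 404 for names that do not exist and 403 for names that belong to someone else — a response difference that confirms which accounts exist. Comparing the requested name with the caller's own name before touching the database removes that distinction and the wasted query: `if current_user.name != username: abort(403)` first, then the existing `first_or_404()` lookup for the caller's own row. The route string appears here as `'/user/'`; the `<username>` converter was presumably lost when the page was rendered, since Flask would otherwise not pass a username argument.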

- +
diff --git a/app/templates/base.html b/app/templates/base.html
index 68ad074..7c28494 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -32,7 +32,7 @@ {% if current_user.is_anonymous %}
  • Login
  • {% else %} -
  • +
  • Logout
  • {% endif %}