diff --git a/app/controllers/UserController.php b/app/controllers/UserController.php index 0d038d3..a5be866 100644 --- a/app/controllers/UserController.php +++ b/app/controllers/UserController.php @@ -4,7 +4,8 @@ namespace App\Controller; use App\Controller\ControllerBase, App\Form\UserSettings as UserSettingsForm, - App\Model\Data\ActivityLog; + App\Model\Data\ActivityLog, + App\Model\Data\PasswordLink; class UserController extends ControllerBase { @@ -21,9 +22,30 @@ class UserController extends ControllerBase $new_pw = $form->getValue('passwordNew'); if (strlen($new_pw) > 0) { + $hash = password_hash($new_pw, PASSWORD_BCRYPT); - $user->setPassword($hash); + + // User had a password before. just update. + if (strlen($user->getPassword()) > 0) { + $user->setPassword($hash); + } + // Else we create a password link and email. + else { + $link = new PasswordLink(); + $link->setUserId($user->getId()) + ->setPassword($hash) + ->save(); + + // TODO: Send the email here. + + $msg = "For security reasons. Before a password can be created " + . "a email has been sent to {$user->getEmail()} with " + . "a activation link."; + + $this->flash->notice($msg); + } } + $user->save(); $form->initialize();
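Review bot: In the new `else` branch of the second hunk, the flash notice tells the user an activation email was sent to `{$user->getEmail()}`, but the branch only saves a `PasswordLink` row and sending is still `// TODO: Send the email here.`. As written, an account without a password gets a pending hash stored with no way to activate it, while the UI reports success. I would hold the notice until the mail call exists and has succeeded, and until then show something like `$this->flash->notice('Password setup is not available yet.');` or keep this branch out of a release. The visible calls set only the user id and the hash on the link, so if `PasswordLink` does not itself generate a random single-use token with an expiry, that should be added before the link is mailed. The enclosing method starts and ends outside the hunk.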