diff --git a/src/routes/test/user-test.js b/src/routes/test/user-test.js
index 126205d71..ca7f44345 100644
--- a/src/routes/test/user-test.js
+++ b/src/routes/test/user-test.js
@@ -508,26 +508,6 @@ describe('User API', function () {
         });
     });
 
-    it('change email fails due to missing password', function (done) {
-        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
-               .query({ access_token: token })
-               .send({ email: EMAIL_0_NEW })
-               .end(function (error, result) {
-            expect(result.statusCode).to.equal(400);
-            done();
-        });
-    });
-
-    it('change email fails due to wrong password', function (done) {
-        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
-               .query({ access_token: token })
-               .send({ password: PASSWORD+PASSWORD, email: EMAIL_0_NEW })
-               .end(function (error, result) {
-            expect(result.statusCode).to.equal(403);
-            done();
-        });
-    });
-
     it('change email fails due to invalid email', function (done) {
         superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
                .query({ access_token: token })
diff --git a/src/server.js b/src/server.js
index db85c41a6..2a52d4080 100644
--- a/src/server.js
+++ b/src/server.js
@@ -109,7 +109,7 @@ function initializeExpressSync() {
 
     // user routes for admins and users operating on their own account
     router.get ('/api/v1/users/:userId', usersScope, routes.user.info);
-    router.put ('/api/v1/users/:userId', usersScope, routes.user.verifyPassword, routes.user.update);
+    router.put ('/api/v1/users/:userId', usersScope, routes.user.update);
     router.post('/api/v1/users/:userId/password', usersScope, routes.user.changePassword); // changePassword verifies password
 
     // Group management