diff --git a/forms/record_upsert.go b/forms/record_upsert.go
index 1780cce2..1bd4cb6c 100644
--- a/forms/record_upsert.go
+++ b/forms/record_upsert.go
@@ -494,13 +494,16 @@ func (form *RecordUpsert) Validate() error {
 			),
 			validation.Field(
 				&form.Password,
-				validation.When(form.record.IsNew(), validation.Required),
+				validation.When(
+					(form.record.IsNew() || form.PasswordConfirm != "" || form.OldPassword != ""),
+					validation.Required,
+				),
 				validation.Length(form.record.Collection().AuthOptions().MinPasswordLength, 72),
 			),
 			validation.Field(
 				&form.PasswordConfirm,
 				validation.When(
-					(form.record.IsNew() || form.Password != ""),
+					(form.record.IsNew() || form.Password != "" || form.OldPassword != ""),
 					validation.Required,
 				),
 				validation.By(validators.Compare(form.Password)),
@@ -511,7 +514,7 @@ func (form *RecordUpsert) Validate() error {
 				// - form.manageAccess is not set
 				// - changing the existing password
 				validation.When(
-					!form.record.IsNew() && !form.manageAccess && form.Password != "",
+					!form.record.IsNew() && !form.manageAccess && (form.Password != "" || form.PasswordConfirm != ""),
 					validation.Required,
 					validation.By(form.checkOldPassword),
 				),
@@ -648,7 +651,7 @@ func (form *RecordUpsert) ValidateAndFill() error {
 			}
 		}
 
-		if form.Password != "" {
+		if form.Password != "" && form.Password == form.PasswordConfirm {
 			if err := form.record.SetPassword(form.Password); err != nil {
 				return err
 			}
diff --git a/forms/record_upsert_test.go b/forms/record_upsert_test.go
index 717b9f08..d38a3e32 100644
--- a/forms/record_upsert_test.go
+++ b/forms/record_upsert_test.go
@@ -794,6 +794,24 @@ func TestRecordUpsertAuthRecord(t *testing.T) {
 		},
 
 		// password
+		{
+			"trigger the password validations if only oldPassword is set",
+			"4q1xlclmfloku33",
+			map[string]any{
+				"oldPassword": "1234567890",
+			},
+			false,
+			true,
+		},
+		{
+			"trigger the password validations if only passwordConfirm is set",
+			"4q1xlclmfloku33",
+			map[string]any{
+				"passwordConfirm": "1234567890",
+			},
+			false,
+			true,
+		},
 		{
 			"try to update password without managed access",
 			"4q1xlclmfloku33",