diff --git a/http/login.http b/http/login.http
index 5325a55e..26ccb316 100644
--- a/http/login.http
+++ b/http/login.http
@@ -1,4 +1,4 @@
-POST localhost:8080/login
+POST localhost:8080/api/auth/login
 Content-Type: application/json
 
 {
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/admin/controller/AdminController.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/admin/controller/AdminController.kt
index 1d6b3da5..12c43739 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/admin/controller/AdminController.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/admin/controller/AdminController.kt
@@ -1,19 +1,43 @@
 package com.tistory.shanepark.dutypark.admin.controller
 
+import com.tistory.shanepark.dutypark.member.domain.dto.MemberDto
+import com.tistory.shanepark.dutypark.member.service.MemberService
 import com.tistory.shanepark.dutypark.member.service.RefreshTokenService
 import com.tistory.shanepark.dutypark.security.domain.dto.RefreshTokenDto
+import org.springframework.data.domain.Page
+import org.springframework.data.domain.Pageable
+import org.springframework.data.domain.Sort
+import org.springframework.data.web.PageableDefault
+import org.springframework.data.web.SortDefault
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
 @RequestMapping("/admin/api/")
 class AdminController(
-    private val refreshTokenService: RefreshTokenService
+    private val refreshTokenService: RefreshTokenService,
+    private val memberService: MemberService,
 ) {
     @GetMapping("/refresh-tokens")
     fun findAllRefreshTokens(): List<RefreshTokenDto> {
         return refreshTokenService.findAllWithMemberOrderByLastUsedDesc()
     }
 
+    @GetMapping("/members")
+    fun members(
+        @PageableDefault(page = 0, size = 10)
+        @SortDefault(sort = ["name"], direction = Sort.Direction.ASC)
+        page: Pageable,
+        @RequestParam(required = false, defaultValue = "") name: String,
+    ): Page<MemberDto> {
+        return memberService.searchMembers(page, name)
+    }
+
+    @GetMapping("/members-all")
+    fun findAllMembers(): List<MemberDto> {
+        return memberService.findAll()
+    }
+
 }
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/common/advice/ViewExceptionControllerAdvice.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/common/advice/ViewExceptionControllerAdvice.kt
index 20aa08bc..4d143292 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/common/advice/ViewExceptionControllerAdvice.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/common/advice/ViewExceptionControllerAdvice.kt
@@ -17,7 +17,7 @@ class ViewExceptionControllerAdvice {
 
     @ExceptionHandler
     fun notAuthorizedHandler(e: DutyparkAuthException, request: HttpServletRequest): ModelAndView {
-        val redirectUrl = "redirect:/login?referer=" + URLEncoder.encode(request.requestURI, "UTF-8")
+        val redirectUrl = "redirect:/auth/login?referer=" + URLEncoder.encode(request.requestURI, "UTF-8")
         return ModelAndView(redirectUrl)
     }
 
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/member/controller/MemberController.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/member/controller/MemberController.kt
deleted file mode 100644
index 232e5412..00000000
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/member/controller/MemberController.kt
+++ /dev/null
@@ -1,31 +0,0 @@
-package com.tistory.shanepark.dutypark.member.controller
-
-import com.tistory.shanepark.dutypark.member.domain.dto.MemberDto
-import com.tistory.shanepark.dutypark.member.service.MemberService
-import org.springframework.data.domain.Page
-import org.springframework.data.domain.Pageable
-import org.springframework.data.domain.Sort
-import org.springframework.data.web.PageableDefault
-import org.springframework.data.web.SortDefault
-import org.springframework.web.bind.annotation.GetMapping
-import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RequestParam
-import org.springframework.web.bind.annotation.RestController
-
-@RestController
-@RequestMapping("/admin/api/members")
-class MemberController(
-    private val memberService: MemberService,
-) {
-
-    @GetMapping
-    fun members(
-        @PageableDefault(page = 0, size = 10)
-        @SortDefault(sort = ["name"], direction = Sort.Direction.ASC)
-        page: Pageable,
-        @RequestParam(required = false, defaultValue = "") name: String,
-    ): Page<MemberDto> {
-        return memberService.searchMembers(page, name)
-    }
-
-}
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/member/repository/RefreshTokenRepository.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/member/repository/RefreshTokenRepository.kt
index bac80745..a4318f50 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/member/repository/RefreshTokenRepository.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/member/repository/RefreshTokenRepository.kt
@@ -1,5 +1,6 @@
 package com.tistory.shanepark.dutypark.member.repository
 
+import com.tistory.shanepark.dutypark.member.domain.entity.Member
 import com.tistory.shanepark.dutypark.security.domain.entity.RefreshToken
 import org.springframework.data.jpa.repository.EntityGraph
 import org.springframework.data.jpa.repository.JpaRepository
@@ -17,6 +18,8 @@ interface RefreshTokenRepository : JpaRepository<RefreshToken, Long> {
     @EntityGraph(attributePaths = ["member"])
     fun findAllByMemberIdOrderByLastUsedDesc(id: Long): List<RefreshToken>
 
+    fun findAllByMember(member: Member): List<RefreshToken>
+
     fun findAllByValidUntilIsBefore(now: LocalDateTime): List<RefreshToken>
 
 }
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenService.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenService.kt
index 841da23a..4bbaebbc 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenService.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenService.kt
@@ -1,6 +1,7 @@
 package com.tistory.shanepark.dutypark.member.service
 
 import com.tistory.shanepark.dutypark.common.exceptions.DutyparkAuthException
+import com.tistory.shanepark.dutypark.member.domain.entity.Member
 import com.tistory.shanepark.dutypark.member.repository.MemberRepository
 import com.tistory.shanepark.dutypark.member.repository.RefreshTokenRepository
 import com.tistory.shanepark.dutypark.security.config.JwtConfig
@@ -63,4 +64,10 @@ class RefreshTokenService(
         return refreshTokenRepository.findAllWithMemberOrderByLastUsedDesc().map { RefreshTokenDto.of(it) }
     }
 
+    fun revokeAllRefreshTokensByMember(member: Member) {
+        val findAllByMember = refreshTokenRepository.findAllByMember(member)
+        log.info("Revoked {} refresh tokens of member {}", findAllByMember.size, member.email)
+        refreshTokenRepository.deleteAll(findAllByMember)
+    }
+
 }
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthController.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthController.kt
index 17a1d3b8..7a926934 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthController.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthController.kt
@@ -6,6 +6,7 @@ import com.tistory.shanepark.dutypark.member.service.RefreshTokenService
 import com.tistory.shanepark.dutypark.security.config.JwtConfig
 import com.tistory.shanepark.dutypark.security.domain.dto.LoginDto
 import com.tistory.shanepark.dutypark.security.domain.dto.LoginMember
+import com.tistory.shanepark.dutypark.security.domain.dto.PasswordChangeDto
 import com.tistory.shanepark.dutypark.security.domain.entity.RefreshToken
 import com.tistory.shanepark.dutypark.security.service.AuthService
 import jakarta.servlet.http.HttpServletRequest
@@ -17,6 +18,7 @@ import org.springframework.ui.Model
 import org.springframework.web.bind.annotation.*
 
 @RestController
+@RequestMapping("/api/auth")
 class AuthController(
     private val authService: AuthService,
     private val refreshTokenService: RefreshTokenService,
@@ -25,7 +27,7 @@ class AuthController(
 ) {
     private val log = org.slf4j.LoggerFactory.getLogger(AuthController::class.java)
 
-    @PostMapping("/login")
+    @PostMapping("login")
     fun login(
         @RequestBody loginDto: LoginDto,
         model: Model,
@@ -85,6 +87,18 @@ class AuthController(
         }
     }
 
+    @PutMapping("password")
+    fun changePassword(
+        @Login loginMember: LoginMember,
+        @RequestBody(required = true) param: PasswordChangeDto
+    ): ResponseEntity<String> {
+        if (loginMember.id != param.memberId && !loginMember.isAdmin) {
+            throw DutyparkAuthException("You are not authorized to change this password")
+        }
+        authService.changePassword(param, loginMember.isAdmin)
+        return ResponseEntity.ok().body("Password Changed")
+    }
+
     @GetMapping("/status")
     fun loginStatus(
         @Login(required = false)
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewController.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewController.kt
index 6050a565..64750338 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewController.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewController.kt
@@ -7,12 +7,16 @@ import jakarta.servlet.http.HttpSession
 import org.springframework.http.HttpHeaders
 import org.springframework.stereotype.Controller
 import org.springframework.ui.Model
-import org.springframework.web.bind.annotation.*
+import org.springframework.web.bind.annotation.CookieValue
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.RequestHeader
+import org.springframework.web.bind.annotation.RequestMapping
 
 @Controller
+@RequestMapping("/auth")
 class AuthViewController : ViewController() {
 
-    @GetMapping("/login")
+    @GetMapping("login")
     fun loginPage(
         @CookieValue(name = "rememberMe", required = false) rememberMe: String?,
         @RequestHeader(HttpHeaders.REFERER, required = false) referer: String?,
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/security/domain/dto/PasswordChangeDto.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/security/domain/dto/PasswordChangeDto.kt
new file mode 100644
index 00000000..11e2b467
--- /dev/null
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/security/domain/dto/PasswordChangeDto.kt
@@ -0,0 +1,7 @@
+package com.tistory.shanepark.dutypark.security.domain.dto
+
+data class PasswordChangeDto(
+    val memberId: Long,
+    val currentPassword: String?,
+    val newPassword: String
+)
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilter.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilter.kt
index de93d3cf..3ae42e25 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilter.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilter.kt
@@ -25,7 +25,7 @@ class AdminAuthFilter : Filter {
             log.info("$loginMember is not admin.")
             response.sendError(HttpServletResponse.SC_FORBIDDEN)
         }
-        response.sendRedirect("/login")
+        response.sendRedirect("/auth/login")
     }
 
 
diff --git a/src/main/kotlin/com/tistory/shanepark/dutypark/security/service/AuthService.kt b/src/main/kotlin/com/tistory/shanepark/dutypark/security/service/AuthService.kt
index 7382bba3..729c394a 100644
--- a/src/main/kotlin/com/tistory/shanepark/dutypark/security/service/AuthService.kt
+++ b/src/main/kotlin/com/tistory/shanepark/dutypark/security/service/AuthService.kt
@@ -5,6 +5,7 @@ import com.tistory.shanepark.dutypark.member.repository.MemberRepository
 import com.tistory.shanepark.dutypark.member.service.RefreshTokenService
 import com.tistory.shanepark.dutypark.security.domain.dto.LoginDto
 import com.tistory.shanepark.dutypark.security.domain.dto.LoginMember
+import com.tistory.shanepark.dutypark.security.domain.dto.PasswordChangeDto
 import com.tistory.shanepark.dutypark.security.domain.entity.RefreshToken
 import com.tistory.shanepark.dutypark.security.domain.enums.TokenStatus
 import jakarta.servlet.http.Cookie
@@ -79,4 +80,24 @@ class AuthService(
         response.addCookie(cookie)
     }
 
+    fun changePassword(param: PasswordChangeDto, byAdmin: Boolean = false) {
+        val member = memberRepository.findById(param.memberId).orElseThrow {
+            log.info("change password failed. member not exist:${param.memberId}")
+            throw DutyparkAuthException("존재하지 않는 회원입니다.")
+        }
+
+        if (!byAdmin) {
+            val passwordMatch = passwordEncoder.matches(param.currentPassword, member.password)
+            if (!passwordMatch) {
+                log.info("change password failed. password not match:${param.memberId}")
+                throw DutyparkAuthException("비밀번호가 일치하지 않습니다.")
+            }
+        }
+
+        member.password = passwordEncoder.encode(param.newPassword)
+        refreshTokenService.revokeAllRefreshTokensByMember(member)
+
+        log.info("Member password changed. member:${param.memberId}")
+    }
+
 }
diff --git a/src/main/resources/static/css/base.css b/src/main/resources/static/css/base.css
index f2337872..9e989557 100644
--- a/src/main/resources/static/css/base.css
+++ b/src/main/resources/static/css/base.css
@@ -1,13 +1,9 @@
 @font-face {
+    src: url('../fonts/NexonMaplestoryLight.woff2') format('woff2');
+    font-display: swap;
     font-family: 'NexonMaplestory';
     font-weight: 300;
     font-style: normal;
-    src: url('https://cdn.jsdelivr.net/gh/webfontworld/NexonMaplestory/NexonMaplestoryLight.eot');
-    src: url('https://cdn.jsdelivr.net/gh/webfontworld/NexonMaplestory/NexonMaplestoryLight.eot?#iefix') format('embedded-opentype'),
-    url('https://cdn.jsdelivr.net/gh/webfontworld/NexonMaplestory/NexonMaplestoryLight.woff2') format('woff2'),
-    url('https://cdn.jsdelivr.net/gh/webfontworld/NexonMaplestory/NexonMaplestoryLight.woff') format('woff'),
-    url('https://cdn.jsdelivr.net/gh/webfontworld/NexonMaplestory/NexonMaplestoryLight.ttf') format("truetype");
-    font-display: swap;
 }
 
 [v-cloak] {
@@ -15,7 +11,7 @@
 }
 
 body {
-    font-family: NexonMaplestory;
+    font-family: NexonMaplestory, sans-serif;
     --bs-body-font-family: NexonMaplestory;
 }
 
diff --git a/src/main/resources/static/fonts/NexonMaplestoryLight.woff2 b/src/main/resources/static/fonts/NexonMaplestoryLight.woff2
new file mode 100644
index 00000000..a68f2ca5
Binary files /dev/null and b/src/main/resources/static/fonts/NexonMaplestoryLight.woff2 differ
diff --git a/src/main/resources/templates/admin/admin-home.html b/src/main/resources/templates/admin/admin-home.html
index 5d3b81b7..73e8b851 100644
--- a/src/main/resources/templates/admin/admin-home.html
+++ b/src/main/resources/templates/admin/admin-home.html
@@ -1,34 +1,44 @@
-Active Refresh Tokens
+<h1>Active Refresh Tokens</h1>
 <div class="refresh-tokens" v-cloak>
-  <div v-for="user in users">
-    <table>
-      <colgroup>
-        <col style="width: 60px;">
-        <col style="width: 150px;">
-        <col style="width: 150px;">
-        <col style="width: 200px;">
-        <col style="width: 120px;">
-        <col style="width: 120px;">
-      </colgroup>
-      <tr>
-        <th colspan="6" style="text-align: center; font-size:1.3em;">{{ user.name }}</th>
-      </tr>
-      <tr>
-        <th></th>
-        <th>Last active</th>
-        <th>Ip</th>
-        <th>Device</th>
-        <th>Browser</th>
-      </tr>
-      <tr v-for="(token, index) in user.tokens">
-        <td>{{ index+1 }}</td>
-        <td>{{ token.lastUsed | fromNow }}</td>
-        <td>{{ token.remoteAddr}}</td>
-        <td>{{ token.userAgent ? token.userAgent.device : '' }}</td>
-        <td>{{ token.userAgent ? token.userAgent.browser : '' }}</td>
-      </tr>
-    </table>
-  </div>
+    <div v-for="member in members">
+        <table class="table table-striped">
+            <colgroup>
+                <col style="width: 60px;">
+                <col style="width: 150px;">
+                <col style="width: 150px;">
+                <col style="width: 200px;">
+                <col style="width: 120px;">
+                <col style="width: 150px;">
+            </colgroup>
+            <thead>
+            <tr>
+                <th class="p-3" colspan="4" style="text-align: center; font-size:1.3em;">
+                    {{ member.name }}
+                </th>
+                <th colspan="1">
+                    <button class="btn btn-outline-warning btn-sm" @click="changePassword(member)">Change Password
+                    </button>
+                </th>
+            </tr>
+            <tr>
+                <th></th>
+                <th>Last active</th>
+                <th>Ip</th>
+                <th>Device</th>
+                <th>Browser</th>
+            </tr>
+            </thead>
+            <tbody>
+            <tr v-for="(token, index) in member.tokens">
+                <td>{{ index+1 }}</td>
+                <td>{{ token.lastUsed | fromNow }}</td>
+                <td>{{ token.remoteAddr}}</td>
+                <td>{{ token.userAgent ? token.userAgent.device : '' }}</td>
+                <td>{{ token.userAgent ? token.userAgent.browser : '' }}</td>
+            </tr>
+            </tbody>
+        </table>
+    </div>
 </div>
 
 <script>
@@ -36,13 +46,24 @@
         const app = new Vue({
             el: '.refresh-tokens',
             data: {
-                users: []
+                members: []
             },
-            mounted() {
-                this.load();
+            async mounted() {
+                await this.load();
             }, methods: {
-                load: function () {
-                    $.ajax({
+                load: async function () {
+                    await $.ajax({
+                        url: '/admin/api/members-all',
+                        type: 'GET',
+                        success: function (members) {
+                            members.forEach(member => {
+                                member.tokens = [];
+                                app.members.push(member);
+                            });
+                        },
+                    })
+
+                    await $.ajax({
                         url: '/admin/api/refresh-tokens',
                         type: 'GET',
                         success: function (refreshTokens) {
@@ -55,11 +76,18 @@
                                 }
                             }
                             map.forEach((value, key) => {
-                                app.users.push({
-                                    name: value[0].memberName,
-                                    id: value[0].memberId,
-                                    tokens: value
-                                });
+                                const member = app.members.find(member => member.id === value[0].memberId);
+                                member.tokens = value;
+                            });
+                            // sort members by last active
+                            app.members.sort((a, b) => {
+                                if (a.tokens.length === 0) {
+                                    return 1;
+                                } else if (b.tokens.length === 0) {
+                                    return -1;
+                                } else {
+                                    return dayjs(b.tokens[0].lastUsed).diff(dayjs(a.tokens[0].lastUsed));
+                                }
                             });
                         },
                         error: function (error) {
@@ -67,6 +95,54 @@
                         }
                     })
                 },
+                changePassword: function (member) {
+                    Swal.fire({
+                        title: 'Change ' + member.name + '\'s password',
+                        html: '<input id="swal-input1" class="swal2-input" placeholder="New Password" type="password">' +
+                            '<input id="swal-input2" class="swal2-input" placeholder="Confirm Password" type="password">',
+                        focusConfirm: false,
+                        preConfirm: () => {
+                            const newPassword = Swal.getPopup().querySelector('#swal-input1').value;
+                            const confirmPassword = Swal.getPopup().querySelector('#swal-input2').value;
+                            if (!newPassword || !confirmPassword) {
+                                Swal.showValidationMessage(`Please enter new password and confirm password`);
+                                return false;
+                            } else if (newPassword !== confirmPassword) {
+                                Swal.showValidationMessage(`Passwords do not match`);
+                                return false;
+                            }
+                            return {
+                                memberId: member.id,
+                                newPassword: newPassword,
+                            }
+                        }
+                    }).then((result) => {
+                        if (!result.isConfirmed) {
+                            return;
+                        }
+                        $.ajax({
+                            url: '/api/auth/password',
+                            type: 'PUT',
+                            data: JSON.stringify(result.value),
+                            contentType: 'application/json',
+                            success: function () {
+                                Swal.fire({
+                                    icon: 'success',
+                                    title: 'Password changed successfully',
+                                    showConfirmButton: false,
+                                    timer: 1500
+                                })
+                            },
+                            error: function (error) {
+                                Swal.fire({
+                                    icon: 'error',
+                                    title: 'Oops...',
+                                    text: error.responseJSON.message
+                                })
+                            }
+                        })
+                    })
+                }
             }, filters: {
                 formatDate: function (value) {
                     if (value && value.length > 10) {
diff --git a/src/main/resources/templates/layout/header.html b/src/main/resources/templates/layout/header.html
index e5c2b53e..64868315 100644
--- a/src/main/resources/templates/layout/header.html
+++ b/src/main/resources/templates/layout/header.html
@@ -52,7 +52,7 @@
       </th:block>
       <th:block th:if="${loginMember == null}">
         <li class="nav-item d-lg-none">
-          <a th:href="@{/login}" class="link">로그인
+          <a th:href="@{/auth/login}" class="link">로그인
             <i class="bi bi-person-badge"></i>
           </a>
         </li>
@@ -62,7 +62,7 @@
   <!-- DIV for right side -->
   <div class="nav-right">
     <div class="d-sm-none d-lg-block" th:if="${loginMember == null}">
-      <a th:href="@{/login}" class="link">로그인
+      <a th:href="@{/auth/login}" class="link">로그인
         <i class="bi bi-person-badge"></i>
       </a>
     </div>
diff --git a/src/main/resources/templates/member/login.html b/src/main/resources/templates/member/login.html
index 9bd42fcf..1050df66 100644
--- a/src/main/resources/templates/member/login.html
+++ b/src/main/resources/templates/member/login.html
@@ -43,7 +43,7 @@
 
         $.ajax({
             type: 'POST',
-            url: '/login' + (referer ? '?referer=' + referer : ''),
+            url: '/api/auth/login' + (referer ? '?referer=' + referer : ''),
             data: JSON.stringify(data),
             contentType: 'application/json; charset=utf-8',
             success: function (referer) {
diff --git a/src/main/resources/templates/member/member.html b/src/main/resources/templates/member/member.html
index 8f9c2c97..e9db215c 100644
--- a/src/main/resources/templates/member/member.html
+++ b/src/main/resources/templates/member/member.html
@@ -1,59 +1,63 @@
 <div class="member-vue" v-cloak>
-  <div class="form-group row">
-    <label for="name" class="col-sm-2 col-form-label">이름</label>
-    <div class="col-sm-10">
-      <input type="text" readonly class="form-control-plaintext" id="name" th:value="*{member.name}">
+    <div class="form-group row">
+        <label for="name" class="col-sm-2 col-form-label">이름</label>
+        <div class="col-sm-10">
+            <input type="text" readonly class="form-control-plaintext" id="name" th:value="*{member.name}">
+        </div>
     </div>
-  </div>
-  <div class="form-group row">
-    <label for="department" class="col-sm-2 col-form-label">소속</label>
-    <div class="col-sm-10">
-      <input type="text" readonly class="form-control-plaintext" id="department" th:value="*{member.departmentName}">
+    <div class="form-group row">
+        <label for="department" class="col-sm-2 col-form-label">소속</label>
+        <div class="col-sm-10">
+            <input type="text" readonly class="form-control-plaintext" id="department"
+                   th:value="*{member.departmentName}">
+        </div>
     </div>
-  </div>
-  <div class="form-group row">
-    <label for="email" class="col-sm-2 col-form-label">이메일</label>
-    <div class="col-sm-10">
-      <input type="text" readonly class="form-control-plaintext" id="email" th:value="*{member.email}">
+    <div class="form-group row">
+        <label for="email" class="col-sm-2 col-form-label">이메일</label>
+        <div class="col-sm-10">
+            <input type="text" readonly class="form-control-plaintext" id="email" th:value="*{member.email}">
+        </div>
     </div>
-  </div>
 
-  <div class="refresh-tokens mt-5">
-    <table>
-      <thead>
-      <h4>내 아이디 로그인 정보</h4>
-      </thead>
-      <colgroup>
-        <col style="width: 60px;">
-        <col style="width: 150px;">
-        <col style="width: 150px;">
-        <col style="width: 200px;">
-        <col style="width: 120px;">
-        <col style="width: 80px;">
-      </colgroup>
-      <tr>
-        <th></th>
-        <th>마지막 접속</th>
-        <th>Ip</th>
-        <th>접속 기기</th>
-        <th>브라우저</th>
-        <th class="text-align-center">관리</th>
-      </tr>
-      <tr v-for="(token, index) in tokens">
-        <td>{{ index+1 }}</td>
-        <td>{{ token.lastUsed | fromNow }}</td>
-        <td>{{ token.remoteAddr}}</td>
-        <td>{{ token.userAgent ? token.userAgent.device : '' }}</td>
-        <td>{{ token.userAgent ? token.userAgent.browser : '' }}</td>
-        <td class="text-align-center">
-          <button v-if="!token.isCurrentLogin" class="btn btn-outline-danger btn-sm" @click="deleteToken(token.id)">
-            로그아웃
-          </button>
-          <button v-else class="btn btn-outline-success btn-sm" disabled>현재접속</button>
-        </td>
-      </tr>
-    </table>
-  </div>
+    <button class="btn btn-warning" @click="changePassword">비밀번호 변경</button>
+
+    <div class="refresh-tokens mt-5">
+        <table>
+            <thead>
+            <h4>내 아이디 로그인 정보</h4>
+            </thead>
+            <colgroup>
+                <col style="width: 60px;">
+                <col style="width: 150px;">
+                <col style="width: 150px;">
+                <col style="width: 200px;">
+                <col style="width: 120px;">
+                <col style="width: 80px;">
+            </colgroup>
+            <tr>
+                <th></th>
+                <th>마지막 접속</th>
+                <th>Ip</th>
+                <th>접속 기기</th>
+                <th>브라우저</th>
+                <th class="text-align-center">관리</th>
+            </tr>
+            <tr v-for="(token, index) in tokens">
+                <td>{{ index+1 }}</td>
+                <td>{{ token.lastUsed | fromNow }}</td>
+                <td>{{ token.remoteAddr}}</td>
+                <td>{{ token.userAgent ? token.userAgent.device : '' }}</td>
+                <td>{{ token.userAgent ? token.userAgent.browser : '' }}</td>
+                <td class="text-align-center">
+                    <button v-if="!token.isCurrentLogin" class="btn btn-outline-danger btn-sm"
+                            @click="deleteToken(token.id)">
+                        로그아웃
+                    </button>
+                    <button v-else class="btn btn-outline-success btn-sm" disabled>현재접속</button>
+                </td>
+            </tr>
+        </table>
+    </div>
 </div>
 
 <script>
@@ -102,6 +106,65 @@ <h4>내 아이디 로그인 정보</h4>
                             })
                         }
                     })
+                },
+                changePassword: function () {
+                    Swal.fire({
+                        title: '비밀번호 변경',
+                        html: '<input id="swal-input1" class="swal2-input" placeholder="현재 비밀번호" type="password">' +
+                            '<input id="swal-input2" class="swal2-input" placeholder="변경할 비밀번호" type="password">' +
+                            '<input id="swal-input3" class="swal2-input" placeholder="변경할 비밀번호 확인" type="password">',
+                        focusConfirm: false,
+                        showCancelButton: true,
+                        confirmButtonText: '변경',
+                        cancelButtonText: '취소',
+                        preConfirm: () => {
+                            const currentPassword = Swal.getPopup().querySelector('#swal-input1').value
+                            const newPassword = Swal.getPopup().querySelector('#swal-input2').value
+                            const newPasswordConfirm = Swal.getPopup().querySelector('#swal-input3').value
+                            if (!currentPassword || !newPassword || !newPasswordConfirm) {
+                                Swal.showValidationMessage(`비밀번호를 입력해주세요.`)
+                                return false
+                            }
+                            if (newPassword !== newPasswordConfirm) {
+                                Swal.showValidationMessage(`비밀번호가 일치하지 않습니다.`)
+                                return false
+                            }
+                            if (currentPassword === newPassword) {
+                                Swal.showValidationMessage(`현재 비밀번호와 동일합니다.`)
+                                return false
+                            }
+                            return {currentPassword: currentPassword, newPassword: newPassword}
+                        }
+                    }).then((result) => {
+                        if (result.isConfirmed) {
+                            const memberId = parseInt("[[${member.id}]]");
+                            result.value.memberId = memberId;
+
+                            $.ajax({
+                                url: '/api/auth/password',
+                                type: 'PUT',
+                                data: JSON.stringify(result.value),
+                                contentType: 'application/json',
+                                success: function () {
+                                    Swal.fire({
+                                        title: '비밀번호가 변경되었습니다. 다시 로그인 해주세요.',
+                                        icon: 'success',
+                                        confirmButtonText: '확인',
+                                    }).then((result) => {
+                                        location.href = '/logout';
+                                    });
+                                },
+                                error: function (error) {
+                                    Swal.fire({
+                                        title: '비밀번호 변경에 실패하였습니다.',
+                                        text: error.responseJSON.message,
+                                        icon: 'error',
+                                        confirmButtonText: '확인',
+                                    })
+                                }
+                            })
+                        }
+                    })
                 }
             }, filters: {
                 formatDate: function (value) {
diff --git a/src/test/kotlin/com/tistory/shanepark/dutypark/holiday/controller/HolidayControllerTest.kt b/src/test/kotlin/com/tistory/shanepark/dutypark/holiday/controller/HolidayControllerTest.kt
index 9cf815a2..b1befd30 100644
--- a/src/test/kotlin/com/tistory/shanepark/dutypark/holiday/controller/HolidayControllerTest.kt
+++ b/src/test/kotlin/com/tistory/shanepark/dutypark/holiday/controller/HolidayControllerTest.kt
@@ -81,7 +81,7 @@ class HolidayControllerTest : RestDocsTest() {
         val loginDto = LoginDto(email = TestData.admin.email, password = TestData.testPass)
         val loginJson = objectMapper.writeValueAsString(loginDto)
         val accessToken = mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(loginJson)
         ).andReturn().response.getCookie(jwtConfig.cookieName)?.let { it.value }
diff --git a/src/test/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenServiceTest.kt b/src/test/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenServiceTest.kt
index 52476914..2a74356f 100644
--- a/src/test/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenServiceTest.kt
+++ b/src/test/kotlin/com/tistory/shanepark/dutypark/member/service/RefreshTokenServiceTest.kt
@@ -108,4 +108,20 @@ class RefreshTokenServiceTest : DutyparkIntegrationTest() {
         refreshTokenRepository.save(token)
     }
 
+    @Test
+    fun `Revoke All refresh Tokens by Member Test`() {
+        // Given
+        assertThat(refreshTokenService.findAllWithMemberOrderByLastUsedDesc()).isEmpty()
+        val member = TestData.member
+        val refeshTokenCount = 10
+        for (i in 1..refeshTokenCount) {
+            refreshTokenService.createRefreshToken(memberId = member.id!!, null, null)
+        }
+        assertThat(refreshTokenService.findAllWithMemberOrderByLastUsedDesc()).hasSize(refeshTokenCount)
+
+        // Then
+        refreshTokenService.revokeAllRefreshTokensByMember(member)
+        assertThat(refreshTokenService.findAllWithMemberOrderByLastUsedDesc()).isEmpty()
+    }
+
 }
diff --git a/src/test/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewControllerTest.kt b/src/test/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewControllerTest.kt
index 8081f9ce..afe389ee 100644
--- a/src/test/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewControllerTest.kt
+++ b/src/test/kotlin/com/tistory/shanepark/dutypark/security/controller/AuthViewControllerTest.kt
@@ -32,7 +32,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
         val json = objectMapper.writeValueAsString(loginDto)
 
         mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(json)
         ).andExpect(status().isOk)
@@ -45,7 +45,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
         val json = objectMapper.writeValueAsString(loginDto)
 
         mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(json)
         ).andExpect(status().isUnauthorized)
@@ -62,7 +62,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
 
         // When
         mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(json)
         ).andExpect(status().isOk)
@@ -113,7 +113,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
 
         // save login session token on variable
         val accessToken = mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(loginJson)
         ).andReturn().response.getCookie(jwtConfig.cookieName)?.let { it.value }
@@ -150,7 +150,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
 
         // save login session token on variable
         val accessToken = mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(loginJson)
         ).andReturn().response.getCookie(jwtConfig.cookieName)?.let { it.value }
@@ -176,7 +176,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
 
         // save login session token on variable
         val accessToken = mockMvc.perform(
-            MockMvcRequestBuilders.post("/login")
+            MockMvcRequestBuilders.post("/api/auth/login")
                 .contentType(MediaType.APPLICATION_JSON)
                 .content(objectMapper.writeValueAsString(loginDto))
         ).andReturn().response.getCookie(jwtConfig.cookieName)?.let { it.value }
@@ -185,7 +185,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
 
         // Therefore
         mockMvc.perform(
-            MockMvcRequestBuilders.get("/status")
+            MockMvcRequestBuilders.get("/api/auth/status")
                 .contentType(MediaType.APPLICATION_JSON)
                 .cookie(Cookie(jwtConfig.cookieName, accessToken))
         ).andExpect(status().isOk)
@@ -199,7 +199,7 @@ class AuthViewControllerTest : DutyparkIntegrationTest() {
     fun `even if not login, health point doesn't throws error`() {
         // Therefore
         mockMvc.perform(
-            MockMvcRequestBuilders.get("/status")
+            MockMvcRequestBuilders.get("/api/auth/status")
                 .contentType(MediaType.APPLICATION_JSON)
         ).andExpect(status().isOk)
             .andExpect(content().string(""))
diff --git a/src/test/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilterTest.kt b/src/test/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilterTest.kt
index cae43d4a..fdcde559 100644
--- a/src/test/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilterTest.kt
+++ b/src/test/kotlin/com/tistory/shanepark/dutypark/security/filters/AdminAuthFilterTest.kt
@@ -49,7 +49,7 @@ class AdminAuthFilterTest {
 
         adminAuthFilter.doFilter(request, response, filterChain)
 
-        verify(response).sendRedirect("/login")
+        verify(response).sendRedirect("/auth/login")
     }
 
 }

{{ user.name }}
	Last active	Ip	Device	Browser
{{ index+1 }}	{{ token.lastUsed \| fromNow }}	{{ token.remoteAddr}}	{{ token.userAgent ? token.userAgent.device : '' }}	{{ token.userAgent ? token.userAgent.browser : '' }}