At the moment, unless I've missed the setting somewhere, it's only possible for the person who has access to the Control Center (Admin) to change passwords.
Would be great if users could change their own passwords if they happen to be compromised, rather than relying on the Admin to change it.
I guess the Admin would still have the ability to overwrite/reset it if need be, however, would be good if users could set their account password. Also means the Admin doesn't need to know user passwords.
I hope that makes sense.