diff --git a/passbook/audit/migrations/0005_auto_20201005_2139.py b/passbook/audit/migrations/0005_auto_20201005_2139.py
new file mode 100644
index 000000000..558c58ab6
--- /dev/null
+++ b/passbook/audit/migrations/0005_auto_20201005_2139.py
@@ -0,0 +1,37 @@
+# Generated by Django 3.1.2 on 2020-10-05 21:39
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("passbook_audit", "0004_auto_20200921_1829"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="event",
+            name="action",
+            field=models.TextField(
+                choices=[
+                    ("login", "Login"),
+                    ("login_failed", "Login Failed"),
+                    ("logout", "Logout"),
+                    ("user_write", "User Write"),
+                    ("suspicious_request", "Suspicious Request"),
+                    ("password_set", "Password Set"),
+                    ("invitation_created", "Invite Created"),
+                    ("invitation_used", "Invite Used"),
+                    ("authorize_application", "Authorize Application"),
+                    ("source_linked", "Source Linked"),
+                    ("impersonation_started", "Impersonation Started"),
+                    ("impersonation_ended", "Impersonation Ended"),
+                    ("model_created", "Model Created"),
+                    ("model_updated", "Model Updated"),
+                    ("model_deleted", "Model Deleted"),
+                    ("custom_", "Custom Prefix"),
+                ]
+            ),
+        ),
+    ]
diff --git a/passbook/audit/models.py b/passbook/audit/models.py
index db3848ed8..a6b37a648 100644
--- a/passbook/audit/models.py
+++ b/passbook/audit/models.py
@@ -96,14 +96,14 @@ class EventAction(models.TextChoices):
     LOGIN_FAILED = "login_failed"
     LOGOUT = "logout"
 
-    SIGN_UP = "sign_up"
-    AUTHORIZE_APPLICATION = "authorize_application"
+    USER_WRITE = "user_write"
     SUSPICIOUS_REQUEST = "suspicious_request"
     PASSWORD_SET = "password_set"  # noqa # nosec
 
     INVITE_CREATED = "invitation_created"
     INVITE_USED = "invitation_used"
 
+    AUTHORIZE_APPLICATION = "authorize_application"
     SOURCE_LINKED = "source_linked"
 
     IMPERSONATION_STARTED = "impersonation_started"
diff --git a/passbook/audit/signals.py b/passbook/audit/signals.py
index 28199cc1a..393051916 100644
--- a/passbook/audit/signals.py
+++ b/passbook/audit/signals.py
@@ -12,6 +12,7 @@ from django.http import HttpRequest
 
 from passbook.audit.models import Event, EventAction
 from passbook.core.models import User
+from passbook.core.signals import password_changed
 from passbook.stages.invitation.models import Invitation
 from passbook.stages.invitation.signals import invitation_created, invitation_used
 from passbook.stages.user_write.signals import user_write
@@ -58,9 +59,12 @@ def on_user_logged_out(sender, request: HttpRequest, user: User, **_):
 
 @receiver(user_write)
 # pylint: disable=unused-argument
-def on_user_write(sender, request: HttpRequest, user: User, data: Dict[str, Any], **_):
+def on_user_write(
+    sender, request: HttpRequest, user: User, data: Dict[str, Any], **kwargs
+):
     """Log User write"""
-    thread = EventNewThread("stages/user_write", request, **data)
+    thread = EventNewThread(EventAction.USER_WRITE, request, **data)
+    thread.kwargs["created"] = kwargs.get("created", False)
     thread.user = user
     thread.run()
 
@@ -93,3 +97,11 @@ def on_invitation_used(sender, request: HttpRequest, invitation: Invitation, **_
         EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex
     )
     thread.run()
+
+
+@receiver(password_changed)
+# pylint: disable=unused-argument
+def on_password_changed(sender, user: User, password: str, **_):
+    """Log password change"""
+    thread = EventNewThread(EventAction.PASSWORD_SET, None, user=user)
+    thread.run()
diff --git a/passbook/stages/user_write/signals.py b/passbook/stages/user_write/signals.py
index 6fa602b0a..043684abc 100644
--- a/passbook/stages/user_write/signals.py
+++ b/passbook/stages/user_write/signals.py
@@ -1,5 +1,5 @@
 """passbook user_write signals"""
 from django.core.signals import Signal
 
-# Arguments: request: HttpRequest, user: User, data: Dict[str, Any]
+# Arguments: request: HttpRequest, user: User, data: Dict[str, Any], created: bool
 user_write = Signal()
diff --git a/passbook/stages/user_write/stage.py b/passbook/stages/user_write/stage.py
index 5e25297a8..cf5b6afe8 100644
--- a/passbook/stages/user_write/stage.py
+++ b/passbook/stages/user_write/stage.py
@@ -27,6 +27,7 @@ class UserWriteStageView(StageView):
             LOGGER.debug(message)
             return self.executor.stage_invalid()
         data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
+        user_created = False
         if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
             self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
             self.executor.plan.context[
@@ -36,6 +37,7 @@ class UserWriteStageView(StageView):
                 "Created new user",
                 flow_slug=self.executor.flow.slug,
             )
+            user_created = True
         user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
         # Before we change anything, check if the user is the same as in the request
         # and we're updating a password. In that case we need to update the session hash
@@ -63,7 +65,9 @@ class UserWriteStageView(StageView):
                     continue
                 user.attributes[key.replace("attribute_", "", 1)] = value
         user.save()
-        user_write.send(sender=self, request=request, user=user, data=data)
+        user_write.send(
+            sender=self, request=request, user=user, data=data, created=user_created
+        )
         # Check if the password has been updated, and update the session auth hash
         if should_update_seesion:
             update_session_auth_hash(self.request, user)