diff --git a/api/client-server/registration.yaml b/api/client-server/registration.yaml
index 8114299e..ecc7a6fa 100644
--- a/api/client-server/registration.yaml
+++ b/api/client-server/registration.yaml
@@ -328,8 +328,7 @@ paths:
 
         The homeserver may change the flows available depending on whether a
         valid access token is provided. The homeserver SHOULD NOT revoke the
-        access token provided in the request, however all other access tokens
-        for the user should be revoked if the request succeeds.
+        access token provided in the request.
       security:
         - accessToken: []
       operationId: changePassword
@@ -343,6 +342,11 @@ paths:
                 type: string
                 description: The new password for the account.
                 example: "ihatebananas"
+              logout_devices:
+                type: boolean
+                description: |-
+                  Whether other access tokens should be revoked if the request succeeds. Defaults to true.
+                example: true
               auth:
                 description: |-
                   Additional authentication information for the user-interactive authentication API.
diff --git a/changelogs/client_server/newsfragments/2523.feature b/changelogs/client_server/newsfragments/2523.feature
new file mode 100644
index 00000000..6f690ea4
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2523.feature
@@ -0,0 +1 @@
+Optionally invalidate other access tokens during password modification per `MSC 2457 <https://github.com/matrix-org/matrix-doc/pull/2457>`_.