diff --git a/changelogs/client_server/newsfragments/1843.clarification b/changelogs/client_server/newsfragments/1843.clarification
new file mode 100644
index 000000000..7ccfe4a71
--- /dev/null
+++ b/changelogs/client_server/newsfragments/1843.clarification
@@ -0,0 +1 @@
+Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints.
\ No newline at end of file
diff --git a/data/api/client-server/registration.yaml b/data/api/client-server/registration.yaml
index afd304594..84aef5b12 100644
--- a/data/api/client-server/registration.yaml
+++ b/data/api/client-server/registration.yaml
@@ -387,6 +387,7 @@ paths:
         access token provided in the request. Whether other access tokens for
         the user are revoked depends on the request parameters.
       security:
+        - {}
         - accessTokenQuery: []
         - accessTokenBearer: []
       operationId: changePassword
@@ -592,6 +593,7 @@ paths:
         parameter because the homeserver is expected to sign the request to the
         identity server instead.
       security:
+        - {}
         - accessTokenQuery: []
         - accessTokenBearer: []
       operationId: deactivateAccount