Yes, I'm not surprised:
conn.Execute "Update users SET Password='" & txtpassword.Text = "' WHERE Username='" & txtuser.Text = "'"
^
|
Pretty sure that should be a '&' character...
BTW: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead