How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?
I’ve never really understood why most systems are set up to reject a password reset if it’s the same password. Is there a security issue there that I’m not picking up on?
It seems like they should just let you reset your password anyway if you’ve reached that screen (usually using some kind of authorisation, like using a link with a token in it that gets emailed to you or something).
Having a “change password” option that allows you to not change your password would be somewhat strange ;)
The security risk I see is that the cause of you resetting your password could be that it is leaked. For that case, it is good to remind the user that they shouldn’t override it with their current password. That said it would be nice to have a “I know what I am doing” option and allow it anyway