by Sohcahtoa82 1672 days ago
The check is done server-side.

At the time of a password change, the server still has your old password hash stored, and in the process of changing it, you are sending both your old password and new password. The server can verify both that your new password and old password differ enough while also verifying that the old password you sent it is valid.
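The flow described in the comment above, as an added example that is not part of the original post: the server checks the submitted old password against the stored hash, compares old and new plaintext only in memory for that one request, then stores a fresh hash. The PBKDF2 parameters, the edit-distance metric, the `MIN_DISTANCE` threshold and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2 work factor
MIN_DISTANCE = 4       # assumed policy: minimum edits between old and new

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Re-derive the hash from the submitted password, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def change_password(record, old, new):
    """record holds the stored 'salt' and 'digest'. Returns (ok, reason)."""
    # 1. The old password sent with the request must match the stored hash.
    if not verify_password(old, record["salt"], record["digest"]):
        return False, "old password incorrect"
    # 2. Both plaintexts are now in memory for this request only, so they
    #    can be compared directly; nothing reversible is kept afterwards.
    if edit_distance(old.lower(), new.lower()) < MIN_DISTANCE:
        return False, "new password too similar to old"
    # 3. Replace the stored hash, using a fresh salt.
    record["salt"], record["digest"] = hash_password(new)
    return True, "changed"
```
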