by KMag 663 days ago
I agree with you, but would phrase it differently.

You want some indication that any leak of your current password actually hasn't been mitigated. A failure message that your password hasn't actually changed (due to being identical) is functionally the same as allowing the password change and giving a warning that the passwords were identical (modulo some back-end details like whether the password salt has changed and whether the password change date has been updated).
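The two policies KMag contrasts, reject-if-identical versus accept-with-warning, and the back-end details that separate them (fresh salt, updated change date), as an added example that is not code from this thread. It assumes PBKDF2-HMAC-SHA256 for the password hash, an in-memory dict as the credential store, and a caller-supplied clock; all names here are illustrative.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Literal, Optional, Tuple

# Kept low so the example runs quickly; raise substantially for production
# (OWASP's 2023 guidance is 600,000 iterations for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 100_000


@dataclass(frozen=True)
class Credential:
    salt: bytes
    digest: bytes
    changed_at: int  # Unix timestamp of the last password change


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn unless one is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, cred: Credential) -> bool:
    """Recompute the digest under the stored salt and compare in constant time."""
    _, digest = hash_password(password, cred.salt)
    return hmac.compare_digest(digest, cred.digest)


def enroll(store: Dict[str, Credential], username: str, password: str, now: int) -> None:
    salt, digest = hash_password(password)
    store[username] = Credential(salt, digest, now)


Policy = Literal["reject_identical", "warn_identical"]


def change_password(store: Dict[str, Credential], username: str,
                    current: str, new: str, now: int, policy: Policy) -> str:
    """Apply a password change under the chosen identical-password policy.

    Returns one of: "rejected_wrong_current", "rejected_identical",
    "changed_with_warning", "changed".
    """
    cred = store.get(username)
    if cred is None or not verify_password(current, cred):
        return "rejected_wrong_current"

    # `current` has just been verified against the store, so comparing the two
    # plaintexts is equivalent to comparing `new` against the stored hash and
    # avoids a second KDF run. Constant-time compare to avoid leaking a prefix.
    identical = hmac.compare_digest(new.encode("utf-8"), current.encode("utf-8"))

    if identical and policy == "reject_identical":
        # Nothing in the store changes: same salt, same digest, same changed_at.
        return "rejected_identical"

    # Either policy that accepts the change re-salts and bumps the change date,
    # even when the plaintext is unchanged. That is the back-end difference
    # KMag alludes to: the stored record is new, the secret is not.
    salt, digest = hash_password(new)
    store[username] = Credential(salt, digest, now)
    return "changed_with_warning" if identical else "changed"
```

Under "reject_identical" the user gets the signal that nothing changed, and the stored record is untouched; under "warn_identical" the hash and change date are refreshed, but anyone who already holds the old plaintext still gets in, which is why the warning matters as much as the rejection.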