If the site knows my previous password after I reset it, why does it not accept it in the first place?


This has happened more than a few times for me: a site I’m on will suddenly not accept my correct password, forcing me to reset it, only for it to say “new password can’t be the same as the old password” when I try it as the new one. If it knew the password was the old password, why not just let me log in in the first place?

Edit: I think most of the answers here are misunderstanding the question. I know for certain I’m using the correct password at first. Once it forces me to reset, I type in the SAME password to check if this situation is happening, and that’s when it says “new password can’t be the same as the old password”. I then give up and make a new one, because what else can I do? This has happened about a dozen times over my time on the internet.


12 Answers

Anonymous

The real answer to your question is: the error message is wrong/unclear.

Your existing password is no longer being accepted for some reason: it could have expired, it could have been invalidated over security concerns, …

The error message should be clearer, but that’s often not a priority. It’s easy to miss or forget (the confusing error message is a transient issue anyway, once the password has been reset it no longer matters). It’s easy to deprioritise against other functionality that more directly impacts revenue because “it still works”. And in the case of potential security breaches, addressing the direct security impact (requiring a new password) is more urgent than updating the rest of the password-handling flow, which may be dealt with at a later stage.

The error message is just wrong; the reason is usually unpreparedness for a forced reset, or simple oversight during the implementation.
