If the site knows my previous password after I reset it, why does it not accept it in the first place?


This has happened more than a few times for me: a site I’m on will suddenly not accept my correct password, forcing me to reset it, only for it to say “new password can’t be the same as the old password” when I try it as the new one. If it knew the password was the old password, why not just let me log in in the first place?

Edit: I think most of the answers here are misunderstanding the question. I know for certain I’m using the correct password at first; once it forces me to reset, I type in the SAME password to check if this situation is happening, and that’s when it says “new password can’t be the same as the old password”. I then give up and make a new one cuz what else can I do. This has happened about a dozen times over my time on the internet.


12 Answers

Anonymous

Passwords are (should be) stored in a database as a “hash”.

When you put in your password, the website hashes it then compares the hash to the database.

When you do a password reset, it compares the hash of your replacement password to the existing hash.

A hash is a one-way trap. We can’t (easily, quickly) convert a hash back to a password, which is why the site cannot tell you the password. Of course, if it can, it probably means your password is stored in a cleartext or reversible database. This is bad.
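An added example, not code from the answer above or from any particular site: a minimal salted password store in Python that shows why the login check and the “new password can’t be the same as the old password” check are the same operation. The server never holds the password, only a salt and a PBKDF2 hash (the iteration count is an assumed work factor), so it can answer “does this candidate match?” without ever being able to say what the password is.

```python
import hashlib
import hmac
import os

# Assumed PBKDF2 work factor; tune to your hardware in a real deployment.
ITERATIONS = 200_000


def make_record(password: str) -> dict:
    """Create the stored record for a password: a fresh random salt plus
    the salted hash. The password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify(record: dict, candidate: str) -> bool:
    """Hash the candidate with the stored salt and compare in constant time.
    This is the only question the server can answer about the password."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def login(record: dict, candidate: str) -> bool:
    """Login is just verify()."""
    return verify(record, candidate)


def reset_password(record: dict, new_password: str) -> dict:
    """Reset is verify() again, with the opposite outcome: a match is rejected.
    Returns a brand-new record (new salt, new hash) for an accepted password."""
    if verify(record, new_password):
        raise ValueError("new password can't be the same as the old password")
    return make_record(new_password)


if __name__ == "__main__":
    # Constructed sample values.
    rec = make_record("correct horse")
    print("login with correct password:", login(rec, "correct horse"))
    try:
        reset_password(rec, "correct horse")
    except ValueError as exc:
        print("reset with same password:", exc)
    print("password bytes stored anywhere:", b"correct horse" in rec["hash"])
```

If `login()` returns False for a password that `reset_password()` then rejects as “the same”, the two checks ran against different stored records or different normalisations of the input, not against the same hash.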
