If the site knows my previous password after I reset it, why does it not accept it in the first place?


This has happened more than a few times for me: a site I’m on will suddenly not accept my correct password, forcing me to reset it, only for it to say “new password can’t be the same as the old password” when I try it as the new one. If it knew the password was the old password, why not just let me log in in the first place?

Edit: I think most of the answers here are misunderstanding the question. I know for certain I’m using the correct password at first. Once it forces me to reset, I type in the SAME password to check if this situation is happening, and that’s when it says “new password can’t be the same as the old password”. I then give up and make a new one cuz what else can I do. This has happened about a dozen times over my time on the internet.


12 Answers

Anonymous 0 Comments

Two separate things:

1. The old password has expired. They cannot accept it and log you in because it is considered invalid and insecure.
2. The new password cannot be the same as the last one because of a security policy.
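How both rules in this answer can hold at once, shown as an added example that is not part of the original post or any real site's code. The `Account` class, the 90-day `MAX_AGE`, the sample passwords and every message string except the one quoted in the question are assumptions; the site keeps only a salted hash, yet can still refuse an expired password at login and recognise it again at reset.

```python
import hashlib
import hmac
import os

MAX_AGE = 90 * 24 * 3600   # assumed expiry policy: 90 days, in seconds
ITERATIONS = 100_000       # kept low so the example runs quickly


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    """Hypothetical account record: a salt, a hash and a timestamp, no plaintext."""

    def __init__(self, password, now):
        self._store(password, now)

    def _store(self, password, now):
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)
        self.set_at = now

    def _matches(self, password):
        # Constant-time comparison of the stored hash with the candidate's hash.
        return hmac.compare_digest(self.digest, _hash(password, self.salt))

    def login(self, password, now):
        if not self._matches(password):
            return "wrong password"
        if now - self.set_at > MAX_AGE:      # rule 1: correct but expired
            return "password expired, reset required"
        return "ok"

    def reset(self, new_password, now):
        if self._matches(new_password):      # rule 2: no reuse of the last one
            return "new password can't be the same as the old password"
        self._store(new_password, now)
        return "password changed"


def demo():
    acct = Account("correct horse", 0)       # constructed sample password
    later = MAX_AGE + 1
    return [acct.login("correct horse", 60), acct.login("correct horse", later),
            acct.reset("correct horse", later), acct.reset("battery staple", later),
            acct.login("battery staple", later + 60)]


if __name__ == "__main__":
    print("\n".join(demo()))
```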

Anonymous 0 Comments

I’ve done this numerous times and for me at least, it’s likely it’s been user error. When it’s asked me to change the password, I’ve tried putting in the password I thought it was (and was refused initially) and it comes up with that message that it cannot be the same as prev. I then just go out of the password reset and try logging in again and it works.