Kickstarter was the latest company to have to apologize for a security breach. They encouraged me to change my password. So I did. Even though I was already signed in, I had to enter my current password to edit my account. Then, the change password form provided two fields in which to enter the new password. I clicked my 1Password button and had it insert a newly generated password. When I pressed the submit button, 1Password immediately asked me if I wanted to replace the existing password with this new one, and I of course told it to do so. Then I got this:
Yes, even though I had just entered my existing password prior to entering the new password, it again asked me to enter the old password. I had already replaced the password in 1Password, so I couldn’t have it insert it. Luckily, 1Password keeps a history of passwords for each site, so I was able to open the application, find the old password, and copy it into the field.
I understand the need to be secure, but asking for the old password after entering the new one is just confusing.