Comment by thih9 Comment by thih9 4 days ago 1 reply Copy Link View on Hacker News It can be done server side too, the old password can be sent along the new one and the server can verify it.
Copy Link dspillett 10 hours ago Collapse Comment - Yes, what I meant to say that it doesn't even have to be done server-side, so the fact it happens doesn't imply the server ever sees the old password beyond it's initial setting. Reply View | 0 replies
Yes, what I meant to say that it doesn't even have to be done server-side, so the fact it happens doesn't imply the server ever sees the old password beyond it's initial setting.