Always ask for new password twice

Today on some Discourse site I want through the reset password dialog.

It only asks for the new password once.

But if you mistype it then, well you’ll certainly find out next time!

Wiser is always ask the user to confirm his/her new password.


I disagree; having to put in passwords twice is a terrible antipattern that is a holdover from the days of people using the same password on multiple sites.

I’m glad to see the back of it.

Nowadays, people [should] use a password manager as it creates and saves a site-specific password for each account.

Also consider the hassle of when your password manager doesn’t detect the second password field and you have to jump through hoops to get it and paste it in. So troublesome!

If someone does still type in their password and does fat-finger it, the remedy is easy and takes barely any time - reset it via email.


It doesn’t have anything to do with using the same password on different sites.

My password manager can’t even detect the first password field.

reset it via email.

And one day when one mistypes the single new password, when changing their password on their email account itself, or changing the master password for their password manager program, then there is nowhere to send the rescue email, and it’s “Ground control to Major Tom”…

(Gmail users probably need to set up a tent outside Google headquarters.)

I’m afraid we don’t have any influence over what password process people’s email providers use. :person_shrugging: You may need to take that up with each one.

1 Like

I empathize with you, bro, and I agree that Discourse is an outlier. I can’t think of any other login (at the account creation step) on the web that doesn’t make me type in my password twice.

A blessing and a curse of Discourse is how it tends to lean into the future and help drag the rest of us along!