The password change function works, but does not seem to follow common password change practices.
1) User should have to enter existing password along with new password and confirmation.
2) Passwords should be masked and allow "view/hide", but never default to be unmasked.
3) Previous passwords entered are displayed as you key in similar passwords; this is a security risk.
4) We do not require much strength to our passwords... 8 characters is all. We really should require stronger passwords as there is a CC number being entered and stored.
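A server-side sketch of points 1 and 4, added here as an illustration and not taken from the application's own code: the change is rejected unless the existing password verifies, the confirmation matches, and the new password meets a strength policy. The function names, the 12-character minimum and the small denylist are assumptions; masking and field autocomplete (points 2 and 3) are handled in the form markup and are not shown.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12  # assumed policy value; the report only says 8 characters is too weak
COMMON = {"password1234", "qwertyuiop12", "letmein12345"}  # constructed sample denylist


def hash_password(password, salt=None):
    """Return (salt, scrypt digest) for storage; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify_password(password, salt, digest):
    """Re-derive the digest and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def strength_errors(password):
    """Return the list of policy violations for a candidate password."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"must be at least {MIN_LENGTH} characters")
    if password.lower() in COMMON:
        errors.append("is a commonly used password")
    return errors


def change_password(stored, current, new, confirm):
    """Return (record, errors); the stored record changes only when errors is empty."""
    salt, digest = stored
    # Point 1: the existing password must verify before anything else is considered.
    if not verify_password(current, salt, digest):
        return stored, ["current password is incorrect"]
    errors = []
    if new != confirm:
        errors.append("new password and confirmation do not match")
    if new == current:
        errors.append("new password must differ from the current one")
    # Point 4: enforce the strength policy on the server, not only in the form.
    errors += [f"new password {e}" for e in strength_errors(new)]
    return (stored, errors) if errors else (hash_password(new), [])
```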