
I take the point that this may not be as general as I thought, and that warning up front is an alternative.

But in this case (or any password change case, really), it is not a "lengthy or multi-step process" and putting the old password at the end has surprised a number of people in a bad way.

Not just here, I've seen the exact same thing mentioned on Twitter. See https://twitter.com/blowdart, "Wow, the kickstarter change password process is AWFUL. Prompt for existing password after? Screws up lastpass flow" - it has multiple retweets and "me too" replies.

I would have no problem with entering my password at the end of a lengthy high-value transaction, so long as that transaction hasn't also changed my password to something else earlier. Which it shouldn't.

A rule of thumb is that if a lot of people find the process is broken then the UX is probably bad, and needs a redesign.



> A rule of thumb is that if a lot of people find the process is broken then the UX is probably bad, and needs a redesign.

That is true, though in this particular case it's not clear whether it really is "a lot" of people or more a vocal but possibly small group who are also using another specific tool, which might itself be the problem because it isn't flexible enough to do the job here. It sounds like you have a password generation/management tool where it is easy to delete a valuable password before you're done with it and with no way to get it back, which I would argue is probably a much more serious usability problem!

Ideally the change password process would be made clear for everyone and avoid the problem entirely, of course, and if we're just talking about a simple old/new password form (I haven't seen it) then surely that should be possible here. I'm not defending the status quo (again, I haven't seen it). I'm just saying I don't think this issue is quite as simple as you previously suggested, and possibly Kickstarter aren't the only ones with room for improvement here.


> more a vocal but possibly small group who are also using another specific tool

This has now been mentioned as a problem in 4 different tools: LastPass, KeePass, iCloud password manager and RoboForm.

While it is sadly still true that people who use password managers are a small minority, they are among the most security-conscious and technically literate users.

> It sounds like you have a password generation/management tool where it is easy to delete a valuable password before you're done with it

You could look at it that way. But I think that would be myopic. It's IMHO closer to the truth that this website is perverse about when you are done with the old password. And no other website that I have come across shares this defect.

> if we're just talking about a simple old/new password form (I haven't seen it)

Wow. So much invested in evaluating something you haven't experienced, but could easily.



