Password Change Functionality:- Applications should provide a password change function, so that users can change their passwords whenever they wish and so that periodic password expiration can be enforced (if required). A user who suspects that their password has been compromised should be able to change it quickly to limit the window for unauthorized use.
From a security point of view, this function must be strongly protected against misuse.
Preventing Misuse of Password Change Functionality:-
The password change function should be accessible only from within an authenticated session.
If a user enters the wrong value in the 'Existing Password' field more than three times, the password change function should be temporarily suspended for that account, so that an unauthorized user who has obtained a session cannot use the function to guess the existing password over a long period.
There should be no way to supply a username, either explicitly or via a hidden form field or cookie; the target account must be taken from the session alone. Users have no legitimate need to change another user's password.
To prevent typing mistakes, the new password should be entered twice.
The 'new password' and 'confirm new password' fields should be compared as the first step, before the existing password is verified, and an error message returned if they don't match; that way a mismatch response reveals nothing about whether the existing password was correct.
Users should be notified by e-mail that their password has been changed, but the message must not contain either the old or the new password.
For defense in depth, the function should be protected against unauthorized use by an attacker who has gained access to a session through some other flaw in the application, such as a cross-site scripting or session hijacking vulnerability, or through an unattended terminal. To achieve this, the user should be required to re-enter their existing password.
The function should also block the same attacks that can be made against the main login process, such as brute-force guessing of the existing password.
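The following is an added example, not code from the original page, that puts the checks above into one password change handler: authenticated session only, target account taken from the session (a 'username' field in the form is ignored), new/confirm compared before the existing password is touched, re-entry of the existing password, suspension of the function after more than three wrong existing passwords, and a notification that carries neither credential. The storage layer, the 15-minute suspension period, the PBKDF2 parameters, the response strings and the in-memory outbox standing in for an e-mail sender are all assumptions made for the example; the demo() scenario and its accounts are constructed sample data.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Assumed policy values (not from the original page): the function is suspended on
# the fourth consecutive wrong 'Existing Password' entry, for 15 minutes.
MAX_WRONG_EXISTING = 3
SUSPEND_SECONDS = 15 * 60
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (assumed scheme); returns salt || digest."""
    salt = salt if salt is not None else os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


@dataclass
class Account:
    username: str
    password_hash: bytes
    email: str
    wrong_existing: int = 0       # consecutive wrong 'Existing Password' entries
    suspended_until: float = 0.0  # epoch seconds; 0 means not suspended


@dataclass
class Session:
    username: Optional[str]       # None models an unauthenticated visitor


class PasswordChangeService:
    def __init__(self, accounts: List[Account], clock: Callable[[], float] = time.time):
        self.accounts: Dict[str, Account] = {a.username: a for a in accounts}
        self.clock = clock                        # injectable for testing the lockout
        self.outbox: List[Tuple[str, str]] = []   # stand-in for an e-mail sender

    def change_password(self, session: Optional[Session], form: Dict[str, str]) -> str:
        # Accessible only within an authenticated session.
        if session is None or session.username is None:
            return "error: login required"
        # The target account comes from the session alone; a 'username' in the form,
        # a hidden field or a cookie is deliberately ignored.
        account = self.accounts[session.username]

        now = self.clock()
        if now < account.suspended_until:
            return "error: password change temporarily suspended"

        # Compare the two new-password fields before the existing password is
        # verified, so a mismatch response says nothing about the existing password.
        if form.get("new_password", "") != form.get("confirm_new_password", ""):
            return "error: new passwords do not match"

        # Re-entry of the existing password; wrong entries count toward suspension.
        if not verify_password(form.get("existing_password", ""), account.password_hash):
            account.wrong_existing += 1
            if account.wrong_existing > MAX_WRONG_EXISTING:
                account.wrong_existing = 0
                account.suspended_until = now + SUSPEND_SECONDS
                return "error: password change temporarily suspended"
            return "error: existing password incorrect"

        account.wrong_existing = 0
        account.password_hash = hash_password(form["new_password"])
        # Notify the user; the message carries neither the old nor the new password.
        self.outbox.append((account.email,
                            "Your password was changed. If you did not do this, contact support."))
        return "ok"


def demo() -> List[str]:
    """Constructed scenario; returns the responses a client would see, in order."""
    fake_now = [1_700_000_000.0]
    svc = PasswordChangeService(
        [Account("alice", hash_password("alice-old-pass"), "alice@example.invalid"),
         Account("bob", hash_password("bob-old-pass"), "bob@example.invalid")],
        clock=lambda: fake_now[0])
    alice = Session("alice")
    ok_form = {"existing_password": "alice-old-pass", "new_password": "x", "confirm_new_password": "x"}
    out = [svc.change_password(None, ok_form)]                                  # no session
    out.append(svc.change_password(alice, {**ok_form, "confirm_new_password": "y"}))  # mismatch
    for _ in range(4):                                                          # 4 wrong guesses
        out.append(svc.change_password(alice, {**ok_form, "existing_password": "guess"}))
    out.append(svc.change_password(alice, ok_form))                             # still suspended
    fake_now[0] += SUSPEND_SECONDS + 1                                          # suspension expires
    out.append(svc.change_password(alice, {**ok_form, "username": "bob",        # username ignored
                                           "new_password": "alice-new-pass",
                                           "confirm_new_password": "alice-new-pass"}))
    out.append("bob unchanged" if verify_password("bob-old-pass", svc.accounts["bob"].password_hash)
               else "bob changed")
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note the ordering inside change_password: the suspension check and the new/confirm comparison both run before any password is verified, so neither an attacker with a hijacked session nor one probing for an oracle gets a password-dependent response until the existing password has actually been checked and counted.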