home of the madduck/ blog/
The point of repeating passwords

If I set a password for a resource, it's good to be able to enter it twice and have the system verify that the two passwords equal each other, or else a typo may bring some unpleasant surprises.

If, on the other hand, I let a system know the password for an existing resource (such as a WPA-PSK for a WLAN), there is no need in entering it twice! If it doesn't work, you probably entered the password wrongly.

It's amazing how little many software vendors think when coding. "Password?" -- "Ah yes, two input fields, it's safer that way."

The problem is especially annoying when the software needing the password is buggy, such as the Windows XP SP2 WLAN configuration: it cannot properly process WEP passphrases with special characters, so you have to enter the 13 bytes in hex. That's 26 keystrokes, and just to be sure you don't enter the password wrongly, make that 52.

Some will say that Windows users are so stupid that requiring them to enter the password twice to guard against typos and subsequent hotline calls because it doesn't work. Let them say that.

PS: Erinn, this Windows-related post I dedicate specifically to you.