I've been changing my vulnerable passwords across services and I've come to realize how bad ppl are at password #UX. One service only lets you do it through an app, one doesn't ask for the new password a second time, one has the old password input below the new inputs!