Hızlı yanıt: kod örneği
The rationale is that they want you to change your password. If you try to use the same password, you aren't changing your password. You're re-entering your password. So, perhaps the question then is why do they want you change your password? They want you to change your password to limit the amount of time a compromised password is valid. Whether this is a helpful mitigation or a case of the cure being worse than the disease is subject to much heated debate, but this is the reason none the less and a fairly standard policy today as it has been for many years. The thinking is that if you lose your credentials to an attacker, the attacker can then authenticate into the system as you. However, if you're required to change your password regularly, the attacker can only authenticate as you until your next password change, at which time he will no longer have your current credentials, and will once again be locked out of the system. If the system were to let you continue to use the same password, the policy would obviously be useless as the same credentials would continue to work indefinitely.