I just changed my password (I've been changing them everywhere after I heard about heartbleed), and I noticed that all I had to do here was enter the new one. Wouldn't it be a good idea to have users re-enter the password in a second form to make sure they don't leave the caps lock on or mistype it?