I just changed my password (I've been changing them everywhere after I heard about heartbleed), and I noticed that all I had to do here was enter the new one. Wouldn't it be a good idea to have users re-enter the password in a second form to make sure they don't leave the caps lock on or mistype it?
This is actually a good question and one that comes up a lot in terms of design / user experience / web development. Traditionally you were asked to enter your password twice to avoid misspellings, etc. Today, because of email verification, reset links, and people's increased familiarity with typing passwords, it's fairly common to only see one password form. The chances that you mistype a password are slim to none as users typically use a set password (with slight variations) or copy & paste a randomly generated password. Some argue that it's more likely that you'll make an error typing the password twice than once. And when you do, the frustration begins. Now you get an error saying "Passwords don't match!", you have to clear both fields, and then retype the password twice again. That's annoying to say the least. The best user experience is to have one password field + a recover password feature that works flawlessly. Here's a good UX discussion on stackexchange another another As early as 2010, we were seeing the second password field disappear from major sites - Facebook, dropbox, etc.