[Bug]: Reset password functionality allows reuse of existing password

[hjetpoluru]

Describe the bug

The reset password feature permits users to set their current password as the new password during the reset process. This behavior undermines the purpose of a password reset, which is to enforce the creation of a new, secure password. Allowing the reuse of the existing password poses a potential security risk and does not align with standard password reset practices.

Expected behavior

• When entering the password on the "Continue" screen, the button should be labeled "Continue" instead of "Save."
• The system should validate the new password and reject it if it matches the existing password, prompting the user to create a different password.

Related PR - #33385

Screenshots/Recordings

Screen.Recording.2025-06-02.at.9.02.00.PM.mov

Steps to reproduce

1. Navigate to the "Reset Password" under the Security & Privacy in the settings menu.
2. Enter the "Enter password to continue"(#test007) as the "New Password"(#test007) during the reset process.
3. Confirm the password and complete the reset process.
4. Observe that the system accepts the current password as the new password without any error or warning.

Error messages or log output

Detection stage

On a feature branch

Version

12.18.1

Build type

None

Browser

Chrome

Operating system

Windows, MacOS

Hardware wallet

No response

Additional context

No response

Severity

No response

[LeVinhGithub]

Thanks @hjetpoluru
Let me forward it to my PM

[lwin-kyaw]

Hi @hjetpoluru, reset password (change password) is only added in this PR, #33385.
Updated the issue description.