Prior to modifying the password, it requires to give the current password (to make sure the user changing the password is not someone who stealed the session). The new password requires a confirmation to ensure that the user didn't make a mistake by typing his new password.