User can change password without knowing the old password