Topic: Procedure in Changing Password is not secure
I wish that in "Change Password" menu, an existing password is required and authenticated before the new password is accepted by the program. This will avoid the case where a user leave the system without logout to go to get some cookies and immediately some other people come to the screen and change the password. Although the system will automatically logout after some time, requiring existing password to be entered will make FA more secure in user point of view.