I currently have a form for the user to change password, preferences, etc.
The password field and the confirm password field are initially blank. Only
if there is something entered in the both fields and they match is the
password changed. However, this prevents the user from using an empty
password. Admittedly, this isn't a great idea in general, I am reluctant to
require non-empty passwords. What do others do to allow a user to have an
empty password and not require that they enter the password twice every time
they edit their preferences.