Before launching my website I try several use case and I found one interesting.
How an user retrieves his password if he lost it?
When He clicks on the link "Forgot your password?" he enters his email and a temporary access key is sent to his address. But to change his password osqa requests his old one!
Same problem when an user he's created from administration area.