Merging change password and forgotten password process?
Both of these processes basically do the same thing - they change password. Password change usually by entering old and a new password, forgotten password by typing your mail address to which user then receives link with a token that allows them to set a new password.
Are there any cons to using only the forgotten password process for both actions? Basically - logged in user that wants to change password would click the "change password" button, which would send the link with token to their mail address and notify them about it.
I can imagine mergin both processes could be a little bit confusing for the user, checked couple of apps / sites (facebook, google, slack, asana, basecamp) and none does it, all use the old / new password approach for password change, in fact, I don't think I have ever in my life encountered a site, with these processes merged, are there any other reasons other than old / new being sort of a standard?