We've designed the system so that no one, including SailPoint or your administrators, has access to your passwords except you. They are encrypted (i.e. scrambled) on your computer, using a secure code called a local encryption key that is created based on your password. The encrypted version of the passwords is sent to SailPoint and the key is stored on your computer so no one else can decode it.
If you change your password on a different device than the one you normally use or if you change it outside of IdentityNow, you will be prompted to provide your old password as part of the reset process.
This is because the system needs your original local encryption key to access the data in your password vault and then generate a new encryption key based on the new password.
Forgotten Previous Password
If a person trying to sign in as you can't provide the previous password, their only option is to click I can't remember my previous password. This opens a warning that indicates all saved passwords on your accounts will be cleared out of your Launchpad. They can choose to cancel and return to this page. But they can't access your Launchpad or the accounts configured to launch from it.