Comment 2 for bug 1371655

That's expected behavior. Policykit is caching the authentication for us for a few minutes (I forget how many). The caching is only in practice effective for swipe mode because the other modes still need the old password to switch to the new password (that part doesn't go through policykit).

We *could* stop it from caching by modifying the policykit config. But by default (and on the desktop) it caches the authentication for the 'SetPasswordMode' method on AccountsService.