If the passwords do not match, the user should be unable to click "Next" (the button is desensitized). The "Enter password" text can change to "Re-enter the password" or something similar to let the user know that the passwords don't yet match.
Hooray for flip-flopping. This screen used to work like that, but it was considered less discoverable for how to get the next button to sensitize than to just let you try to click next and then be told what the problem was.
The idea is that directly underneath the two pw entry boxes, you'd have italicized or bold text, maybe a different color or a combination of some or all of the above which says "The two passwords do not match. Please enter identical passwords to proceed" or some better text. Re-opening and CC'ing bclark and jrb as I remember this being for HIG stuff, but can't seem to find where.
Created attachment 123394 [details] password entry example You can see here where the 'Text telling you what to do next' is. This text would say: [Nothing] - when fields are empty 'Password Not Long Enough' - until password is long enough 'Please confirm password' - when password is long enough 'Passwords do not match' - until confirm password matches Until this is all done the [Next] button should be disabled.