+1 for this.
although DB admins have ways to change that password, by introducing it twice we can save some problems as commented.... Dongsheng can you take a look to this? I think the normal registration includes that, so, for strings and reference...it's a good place.
Note that the "double password" is also missing when adding/editing users (from admin tree). Not sure if we want to double it there or no (for easier usage by admins). Although perhaps it's a goo practice to show it doubled in all the places.