Do I have to create attribute just for Confirm password?
I have seen an example where the entity User contained 'NewPassword, 'PasswordConf' and Password (hash). Do I really need to add 3 attributes in order to let the users to set their passwords during their account setup? I still see domain entities as database tables so maybe that is why it seems to me very odd (add an attribute just to compare). All I'm trying to achieve is a password field and a password confirmation field. If matches, save as hash. If I rephrase: how can I easily make password verification field so I could compare them later when the button is clicked?
Have a look at the standard microflow (Administration.ChangeMyPassword) how this is done.
You'll need 3 fields 1 for the old password that is verified against the stored hashed password and 2 for the new to compare those as strings. The fourth field is the hashstring field for the user that stores the hashed password.
You could leave out the steps to verify the current password (not recommended) and then need 3 fields in total.