W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2018

Re: Proposal: https://example.com/.well-known/modify-credentials

From: Patrick Kettner <Patrick.Kettner@microsoft.com>
Date: Mon, 9 Apr 2018 16:11:59 +0000
To: Jeff Goldberg <jeff@agilebits.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <BL0PR00MB03725B40DF83518203281114EEBF0@BL0PR00MB0372.namprd00.prod.outlook.com>
I spoke with the folks who own the password manager in Edge, as well as the team at LastPass and both were supportive of the effort.

Out of curiosity, has anyone spoken with the major web properties at their companies to see if they use the feature if it was launched? icloud, google stuff, etc?


cheers

patrick

________________________________
From: Jeff Goldberg <jeff@agilebits.com>
Sent: Friday, April 6, 2018 5:01 PM
To: public-webappsec@w3.org
Subject: Re: Proposal: https://example.com/.well-known/modify-credentials

Mike West <mkwst@google.com> wrote:

> I share Brad's opinion that it would be possible to do a bit more if we have server-side cooperation, and that there's real value in creating more opportunities for that kind of cooperation. I'd sketched out an automated password-changing mechanism a while back (
> https://mikewest.github.io/change-password/), which might be a reasonable place to start the conversation for something more robust if that's something in which folks end up being interested.

I completely agree that we can do more and I really want to see that. I was, indeed, thinking of your proposal when I spoke of previous attempts that were never acted on.

So I would love to see (something very much like) what you propose be available as an option. But I like offering sites the ability to add the well-known file without having to change anything else they do. I believe that that is the only way we would ever get a hint of a smidgen of initial adoption..

I think we can do both, but we also want something that is useful and dead easy for services to adopt.

Cheers,

-j

-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
https://1password.com
Received on Monday, 9 April 2018 17:29:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 April 2018 17:29:24 UTC