Re: Proposal:

>  Maybe we have password manager folks on the list already? Would this well-known location be useful to you?


What I like about this particular proposal is that it places much less burden on site developers than other proposals that have been made over the years. In a sense, this is less ambitious than other schemes but has a much greater chance of success.

There are two uses I foresee.

1. The obvious one is when we recommend that users change a password that we can help direct them to the right resource to do so.

2. We also have a bunch of code in place to help guess whether someone has submitted a form which is a login form, a signup form, or a password change form. Making use of the information in /.well-known/modify-credentials can give us a big hint to work into our heuristics. 



Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits

Received on Monday, 9 April 2018 08:32:02 UTC