- From: Patrick Kettner <Patrick.Kettner@microsoft.com>
- Date: Mon, 9 Apr 2018 16:11:59 +0000
- To: Jeff Goldberg <jeff@agilebits.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <BL0PR00MB03725B40DF83518203281114EEBF0@BL0PR00MB0372.namprd00.prod.outlook.com>
I spoke with the folks who own the password manager in Edge, as well as the team at LastPass and both were supportive of the effort. Out of curiosity, has anyone spoken with the major web properties at their companies to see if they use the feature if it was launched? icloud, google stuff, etc? cheers patrick ________________________________ From: Jeff Goldberg <jeff@agilebits.com> Sent: Friday, April 6, 2018 5:01 PM To: public-webappsec@w3.org Subject: Re: Proposal: https://example.com/.well-known/modify-credentials Mike West <mkwst@google.com> wrote: > I share Brad's opinion that it would be possible to do a bit more if we have server-side cooperation, and that there's real value in creating more opportunities for that kind of cooperation. I'd sketched out an automated password-changing mechanism a while back ( > https://mikewest.github.io/change-password/), which might be a reasonable place to start the conversation for something more robust if that's something in which folks end up being interested. I completely agree that we can do more and I really want to see that. I was, indeed, thinking of your proposal when I spoke of previous attempts that were never acted on. So I would love to see (something very much like) what you propose be available as an option. But I like offering sites the ability to add the well-known file without having to change anything else they do. I believe that that is the only way we would ever get a hint of a smidgen of initial adoption.. I think we can do both, but we also want something that is useful and dead easy for services to adopt. Cheers, -j –- Jeffrey Goldberg Chief Defender Against the Dark Arts @ AgileBits https://1password.com
Received on Monday, 9 April 2018 17:29:23 UTC