Migrating "A Well-Known URL for Changing Passwords" to WebAppSec from WICG

Hi all,

Currently, if the user of a password manager would like to change their
password on `example.com`, pretty much all password managers can do is
load `example.com` in a browser tab and hope the user can figure out how
to update their password themselves.

Ricky (CCed) and I have been working on a simple spec in WICG to improve
this situation & to help services discover where on a website users may
change their passwords by defining the `/.well-known/change-password`
well-known resource:

    A Well-Known URL for Changing Passwords

We think it's ready to migrate to the standards track somewhere, and
WebAppSec seems like a good fit.


Thoughts? Concerns?


Received on Monday, 4 May 2020 20:36:28 UTC