Difference between revisions of "Change Password"

From MgmtWiki
Line 5: Line 5:
  
 
==Solutions==
 
==Solutions==
===Change to Browser==
+
===Change to Browser===
 
*[https://www.chromestatus.com/feature/6256768407568384 Chrome Platform Status] for A well-known URL for changing passwords.
 
*[https://www.chromestatus.com/feature/6256768407568384 Chrome Platform Status] for A well-known URL for changing passwords.
 
* [https://w3c.github.io/webappsec-change-password-url/ Editor' Draft] A Well-Known URL for Changing Passwords
 
* [https://w3c.github.io/webappsec-change-password-url/ Editor' Draft] A Well-Known URL for Changing Passwords
 +
 +
A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on origin.
 +
 +
Given an origin, clients generate a change password url by running these steps:
 +
 +
#If origin is not a potentially trustworthy origin, return failure.
 +
#Assert: origin is a tuple origin.
 +
#Let url be a new URL with values set as follows:
 +
<pre>
 +
scheme
 +
origin’s scheme
 +
 +
host
 +
origin’s host
 +
 +
port
 +
origin’s port
 +
 +
path
 +
« ".well-known", "change-password" ».
 +
</pre>
 +
#Return url.
 +
 +
 
==References==
 
==References==
  
 
[[Category: Security]]
 
[[Category: Security]]
 
[[Category: User Experience]]
 
[[Category: User Experience]]
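
Review bot: the added `#Return url.` line comes after the closing `</pre>`, and in MediaWiki markup a block element between `#` items ends the numbered list, so this step will be numbered 1 instead of 4. Keep the scheme/host/port/path values inside step 3 (for example as `#:` continuation lines) so the four steps stay in one list. In the same hunk the link text "Editor' Draft" should read "Editor's Draft".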

Revision as of 19:30, 5 October 2020

Full Title or Meme

Whenever a security event is discovered, the immediate call to a user is to Change Password.

Context

Users have been inundated with requests to change their password as a sort of magic elixir when the web site doesn't really know what to do. It costs the web site nothing to push the problem onto the user.

Solutions

Change to Browser

A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on origin.

Given an origin, clients generate a change password url by running these steps:

  1. If origin is not a potentially trustworthy origin, return failure.
  2. Assert: origin is a tuple origin.
  3. Let url be a new URL with values set as follows:
       scheme: origin’s scheme
       host: origin’s host
       port: origin’s port
       path: « ".well-known", "change-password" ».
  4. Return url.
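
The steps above as a runnable sketch, added here as an example and not taken from the wiki or the W3C draft. The function names are hypothetical, and `isPotentiallyTrustworthy` is a simplified stand-in (an assumption) for the full "potentially trustworthy origin" check: it accepts only `https`/`wss` schemes and loopback hosts.

```javascript
// Added example: generate the change-password URL for a serialized origin.
// Returns the URL string, or null where the steps say "return failure".

// Simplified trust check (assumption): secure schemes or loopback hosts only.
function isPotentiallyTrustworthy(u) {
  if (u.protocol === "https:" || u.protocol === "wss:") return true;
  const host = u.hostname;
  return host === "localhost" || host.endsWith(".localhost") ||
         /^127(\.\d{1,3}){3}$/.test(host) || host === "[::1]";
}

function changePasswordUrl(origin) {
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return null; // unparseable input, e.g. the serialized opaque origin "null"
  }
  // Defensive addition: an origin carries no credentials, path, query or fragment.
  if (parsed.username || parsed.password || parsed.pathname !== "/" ||
      parsed.search || parsed.hash) {
    return null;
  }
  // Step 2: must be a tuple origin; opaque origins serialize to "null".
  if (parsed.origin === "null") return null;
  // Step 1: reject origins that are not potentially trustworthy.
  if (!isPotentiallyTrustworthy(parsed)) return null;
  // Step 3: scheme, host and port come from the origin; the path is fixed.
  const url = new URL(parsed.origin);
  url.pathname = "/.well-known/change-password";
  // Step 4: return url.
  return url.href;
}

// Constructed sample inputs.
for (const o of ["https://example.com", "http://localhost:8080", "http://example.com", "null"]) {
  console.log(o, "->", changePasswordUrl(o));
}
```

A plain `http://` origin on a public host fails at step 1, so a client never sends the user to a password-change page over an unauthenticated channel.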


References