Change Password

From MgmtWiki
Revision as of 20:38, 5 October 2020 by Tom (talk | contribs) (Solutions)

Jump to: navigation, search

Full Title or Meme

Whenever a security event is discovered the immediate call to a user is to Change Password.


Users have been inundated with requests to change their password as a sort of magic elixir when the web site doesn't really know what to do. It costs the web site nothing to push the problem onto the user.


Change to Browser

A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on origin.

Given an origin, clients generate a change password url by running these steps:

  1. If origin is not a potentially trustworthy origin, return failure.
  2. Assert: origin is a tuple origin.
  3. Let url be a new URL with values set as follows:
   origin’s scheme

   origin’s host

   origin’s port

   « ".well-known", "change-password" ».
  1. Return url.