Full Title or Meme
Whenever a security event is discovered the immediate call to a user is to Change Password.
Users have been inundated with requests to change their password as a sort of magic elixir when the web site doesn't really know what to do. It costs the web site nothing to push the problem onto the user.
Change to Browser
- Chrome Platform Status for A well-known URL for changing passwords.
- Editor' Draft A Well-Known URL for Changing Passwords
- chromium Issue 927473: Implement change-password-url ./well-known/change-password-url
- some web dev instructions.
A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on origin.
Given an origin, clients generate a change password url by running these steps:
- If origin is not a potentially trustworthy origin, return failure.
- Assert: origin is a tuple origin.
- Let url be a new URL with values set as follows:
scheme origin’s scheme host origin’s host port origin’s port path « ".well-known", "change-password" ».
- Return url.