Change Password

From MgmtWiki
Revision as of 12:02, 6 October 2020 by Tom (talk | contribs) (Well-known URIs)


Full Title or Meme

Whenever a security event is discovered, the immediate call to a user is to Change Password.

Context

Users have been inundated with requests to change their password, offered as a sort of magic elixir whenever a web site does not really know what else to do. It costs the web site nothing to push the problem onto the user. The request also leaves the user to find the site's password page by hand, so password managers and browsers cannot help them get there; the well-known URL below addresses that part of the problem.

Solutions

Well-known URIs

  • RFC 5785 §1.1 Appropriate Use of Well-Known URIs (RFC 5785 has since been obsoleted by RFC 8615, which keeps this guidance in its own §1.1):
  There are a number of possible ways that applications could use Well-known URIs. However, in keeping with the Architecture of the World-Wide Web [W3C.REC-webarch-20041215], well-known URIs are not intended for general information retrieval or establishment of large URI namespaces on the Web. Rather, they are designed to facilitate discovery of information on a site when it isn't practical to use other mechanisms; for example, when discovering policy that needs to be evaluated before a resource is accessed, or when using multiple round-trips is judged detrimental to performance.

Change to Browser

The following is the definition from the W3C/WICG draft "A Well-Known URL for Changing Passwords". A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on that origin.

Given an origin, clients generate a change password url by running these steps:

  1. If origin is not a potentially trustworthy origin, return failure.
  2. Assert: origin is a tuple origin.
  3. Let url be a new URL with values set as follows:
     scheme: origin’s scheme
     host: origin’s host
     port: origin’s port
     path: « ".well-known", "change-password" »
  4. Return url.
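The steps above, worked through in JavaScript as an added example (this is not code from the wiki page or from the WICG draft). It uses the WHATWG URL class built into browsers and Node.js. The loopback rule in isPotentiallyTrustworthyOrigin, the sample origins, and the server-side redirect target /account/password are all assumptions made for the illustration; a real user agent applies its own full potentially-trustworthy policy.

```javascript
// Added example for the MgmtWiki "Change Password" page; it is not code from
// the page or from the WICG change-password-url draft, only an illustration
// of the steps quoted above using the WHATWG URL class (Node.js and browsers).

// Loopback hosts count as potentially trustworthy even over plain http.
// Assumption: these are the common cases from the Secure Contexts spec; a
// real user agent may extend the list with its own policy.
const LOOPBACK_RE = /^(localhost|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|\[::1\])$/;

function isPotentiallyTrustworthyOrigin(url) {
  // Opaque origins (file:, data:, about:blank, ...) serialize as "null" and
  // are never trustworthy, which is what lets step 2 below be an assertion.
  if (url.origin === "null") return false;
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  return LOOPBACK_RE.test(url.hostname) || url.hostname.endsWith(".localhost");
}

// Runs the four steps quoted above. Takes any URL string and uses its origin;
// returns the change password url as a string, or null for "return failure".
function changePasswordUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return null; // not a URL at all, so there is no origin to work with
  }
  // Step 1: if origin is not a potentially trustworthy origin, return failure.
  if (!isPotentiallyTrustworthyOrigin(url)) return null;
  // Step 2: assert origin is a tuple origin (already guaranteed by step 1).
  if (url.origin === "null") throw new Error("assertion failed: opaque origin");
  // Step 3: a new URL with the origin's scheme, host and port and the path
  // « ".well-known", "change-password" ». Building from url.origin drops any
  // path, query, fragment and userinfo present in the input and elides a
  // default port (https://example.com:443 -> https://example.com).
  const result = new URL(url.origin);
  result.pathname = "/.well-known/change-password";
  // Step 4: return url.
  return result.href;
}

// Server side: what the origin should answer when a client fetches that URL.
// Assumption: the site's real form lives at /account/password; that path and
// the 302 status are illustrative choices, not anything the page specifies.
const REAL_CHANGE_PASSWORD_PATH = "/account/password";

function handleWellKnownRequest(pathname) {
  if (pathname === "/.well-known/change-password") {
    return { status: 302, headers: { Location: REAL_CHANGE_PASSWORD_PATH } };
  }
  // Anything else under .well-known that this server does not publish must
  // be a genuine 404, so a client can tell "no change-password URL here"
  // apart from a server that answers 200 to every path.
  return { status: 404, headers: {} };
}

// Constructed sample origins, as a password manager might hold them.
const SAMPLE_ORIGINS = [
  "https://example.com",
  "https://example.com:443/login?next=/home",
  "https://user:pw@example.com:8443/x#y",
  "http://example.com",
  "http://localhost:3000/",
  "http://127.0.0.1:8080",
  "file:///etc/passwd",
  "not a url",
];

for (const origin of SAMPLE_ORIGINS) {
  // e.g. "https://example.com" -> "https://example.com/.well-known/change-password"
  console.log(origin.padEnd(44), "->", changePasswordUrl(origin));
}
```

Two points worth checking in a deployment: the client must refuse to build the URL for plain http origins (step 1), so a site that only serves its password page over http gets no benefit; and the server must redirect /.well-known/change-password to the real page rather than serve a copy of it, otherwise the user ends up on a URL that tools cannot tell apart from the genuine form.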

References