sodality2

Dammit I was hoping this would include password requirements. I remember reading about a similar proposal on HN before.

The way I saw it described was a field for password security requirements, a field for an API url to let you change a password, etc. This would allow password managers to easily and simply change account passwords en masse. I suppose there are security risks as well, so maybe an email going out saying "an automated password change request was made, these often come from your password manager but only if you initiated it. If you want to approve this change, click here"

tialaramex
You might be thinking about:

https://github.com/apple/password-manager-resources

or the related:

https://github.com/w3c/webappsec-change-password-url

But mainly if you are responsible for a system and you're willing to do work to improve security your first focus should be "implement WebAuthn so my users can stop worrying about passwords entirely" not "I wonder if more complicated password handling would help somehow?"