We can use a well-known URL in our websites to make our change password forms discoverable by tools, like 1Password, LastPass, Bitwarden, etc.
For https://example.com, this magic URL would be https://example.com/.well-known/change-password.
Let's see how this works. 💪
A well-known URL
What is a well-known URI? It's basically a group of predefined "links" inside a /.well-known/ directory of a website.
These links can be either a HTTP redirect, like the change-password URI, or a document with a specific format, like the "well known" OpenID Connect configuration in JSON format located at /.well-known/openid-configuration. We can find an example here https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.
Just a redirect
The specification for Well-Known Change Password URL is still in draft, but we can find examples in popular websites like GitHub, Slack, or Wikipedia.
💡 If you can't find the reset password link in a website, you can use this Well-Known URL.
Conclusion
We can programmatically advertise where a user can change their password, improving the security and usability of a website that requires authentication.
Now you can create a semantic HTML form for changing passwords and the password manager tool will do the rest.
Top comments (0)