Axel Navarro for Cloud(x);

Build a discoverable change password form

We can use a well-known URL on our websites to make our change password forms discoverable by tools such as 1Password, LastPass, and Bitwarden.

For https://example.com, this magic URL would be https://example.com/.well-known/change-password.

Let's see how this works. 💪

A well-known URL

What is a well-known URI? It's basically a group of predefined "links" inside a /.well-known/ directory of a website.

These links can be either an HTTP redirect, like the change-password URI, or a document with a specific format, like the "well-known" OpenID Connect configuration in JSON format located at /.well-known/openid-configuration. We can find an example at https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.

Just a redirect

The specification for the Well-Known Change Password URL is still in draft, but we can find examples on popular websites like GitHub, Slack, or Wikipedia.

💡 If you can't find the reset password link on a website, you can use this Well-Known URL.
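One way to serve this redirect from a Node.js site, shown as an added example that is not code from the original post. The form path `/settings/password`, the `route` and `serve` helpers, and the choice of a 302 status are assumptions; the form uses the standard `autocomplete` hints so a password manager can tell the current and new password fields apart.

```javascript
// Added example, not code from the original post.
// Assumption: the real form lives at /settings/password (hypothetical path).
const WELL_KNOWN = '/.well-known/change-password';
const FORM_PATH = '/settings/password';

// Semantic form: the autocomplete hints tell a password manager which field
// holds the current password and which ones receive the new password.
// Handling the POST (session check, CSRF token) is application-specific.
const FORM_HTML = `<!doctype html>
<form method="post" action="${FORM_PATH}">
  <input type="password" name="current" autocomplete="current-password" required>
  <input type="password" name="new" autocomplete="new-password" required>
  <input type="password" name="confirm" autocomplete="new-password" required>
  <button>Change password</button>
</form>`;

// Pure routing decision, kept apart from the HTTP server so it can be tested.
function route(method, rawUrl) {
  let pathname;
  try {
    ({ pathname } = new URL(rawUrl, 'http://localhost')); // dummy base
  } catch {
    return { status: 400, headers: {}, body: 'Bad request' };
  }
  if (pathname === WELL_KNOWN) {
    if (method !== 'GET' && method !== 'HEAD') {
      return { status: 405, headers: { Allow: 'GET, HEAD' }, body: '' };
    }
    // The target is a fixed same-origin path. Query parameters are ignored,
    // so the endpoint cannot be turned into an open redirect.
    return { status: 302, headers: { Location: FORM_PATH, 'Cache-Control': 'no-store' }, body: '' };
  }
  if (pathname === FORM_PATH && method === 'GET') {
    return { status: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' }, body: FORM_HTML };
  }
  // Unknown paths answer 404: a catch-all 200 would make any well-known URL
  // look supported to a client that probes it.
  return { status: 404, headers: {}, body: 'Not found' };
}

// Start a local server only when asked to: node app.js serve
async function serve(port) {
  const http = await import('node:http');
  http.createServer((req, res) => {
    const r = route(req.method, req.url);
    res.writeHead(r.status, r.headers);
    res.end(req.method === 'HEAD' ? '' : r.body);
  }).listen(port, '127.0.0.1');
}
if (process.argv[2] === 'serve') serve(8080);
```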

Conclusion

We can programmatically advertise where a user can change their password, improving the security and usability of a website that requires authentication.

Now you can create a semantic HTML form for changing passwords and the password manager tool will do the rest.
