password-manager-resources icon indicating copy to clipboard operation
password-manager-resources copied to clipboard
verified publisher icon apple

Website provides their info via page or http header metadata

Open weitzman opened this issue 5 years ago • 5 comments

Would it be helpful to come up with a standard so that websites could declare their password url, password policy, etc. in their page metadata? I know adoption would be slow but would start helping end user experience pretty quickly once password managers start using it.

weitzman avatar Jun 06 '20 02:06 weitzman

There are:

Password change:
https://wicg.github.io/change-password-url/
Password rules:
https://www.w3schools.com/tags/att_input_pattern.asp

The reason for this whole repo is that websites like banks and such can't be bothered to comply with standards.

igor-makarov avatar Jun 06 '20 06:06 igor-makarov

@igor-makarov The pattern attribute that you cite is interesting, but limited, which is why Apple devised a different approach: https://developer.apple.com/documentation/security/password_autofill/customizing_password_autofill_rules?language=objc

rmondello avatar Jun 06 '20 06:06 rmondello

@rmondello are there plans to standardize it?

igor-makarov avatar Jun 06 '20 06:06 igor-makarov

I think the greater goal is for websites to adhere to standards (well known password change url) and not have any password restrictions at all. This isn’t helped by having a standard how to present these unwanted rules.

diktomat avatar Jun 06 '20 11:06 diktomat

@rmondello are there plans to standardize it?

https://github.com/whatwg/html/pull/4000

hober avatar Jun 09 '20 16:06 hober