Not sure how to word it properly, but the ultimate goal is to enable end-users to rotate their passwords with a single click from their password manager.
I have ~400 unique secrets and most of them are some sort of web applications.
Now... I want to rotate passwords for all of them. How do I do that?
Because there is currently no "standard" implemented by SSO services or web apps, the user must manually log into each and every web service, navigate to the right location, request a password change, open an email, and change their password. This is terrible UX, and thus people rarely decide to rotate their passwords.
IMHO there should be some kind of initiative from web standards which would suggest that application authors implement some sort of API which could be utilized by password managers or even scripts.
In my password manager I would just like to see some icon which indicates that "this app supports auto password rotation" (or that it's enabled by me via some API key or something).
I know it's not an easy task at all from the perspective of security, but... it's worth at least evaluating the possibilities.
As an example, we have tools like Terraform, which utilize different web APIs to create resources in many web services.
Changing the password is no different than creating or deleting a domain in Cloudflare, adding or removing a user in a cloud VM, etc.
But the main issue is how to promote the adoption of such a "standard".
I have no expectations for this discussion. I just wanted to raise this "issue". Maybe it could get some traction.