Web lists-archives.com

Re: Password Manager opinions and recommendations




On Tuesday, March 27, 2018 04:08:07 AM Joe wrote:
> On Mon, 26 Mar 2018 17:38:33 -0400
> 
> rhkramer@xxxxxxxxx wrote:
> > > > Yes, at least I think so, unless there is some standard for how
> > > > to handle passwords (including changing them) on websites.  I
> > > > suspect that there isn't. There may be some commonality in
> > > > websites generated by a common website "generator" (one of those
> > > > packages that help you create a website--I think they exist, but
> > > > I've never used one--maybe Drupal is an example?
> > > 
> > > The standard exists. You change your password via the website. Then
> > > you inform your password manager of the change.
> > 
> > Ok, but that's not the kind of standard I was hoping for--I was
> > hoping for a (standard) programmatic way of changing the password on
> > a website, which, being programmatic, could be initiated by the
> > password manager.
> 
> Unless such a thing is a library function in JavaScript, then no
> commercial website will contain it...
> 
> More seriously, I doubt that such a thing exists, it would be like the
> backdoor in OpenSSL, an absolutely disastrous idea. Websites tend to
> store password data (sometimes in plain text!) insecurely enough as it
> is.
> 

Good point, although I'd expect such a function to require authentication, 
presumably by entering the old password.

> Also, many websites where security is a big issue do try to ensure that
> logins can't be made by computer.

Oh, yeah, Captchas (and such)--how could I forget about those...