For years I've had this crazy idea that there should be some web spec for an API that supports changing user passwords.
So the idea is this: a lightweight API that would provide a basic authentication mechanism, details about password requirements and the last time the password had been changed for the authenticated user, and finally a mechanism to change the password.
The goal of this spec/API would be for tools like 1Password, KeePassX, LastPass, etc. to offer one-click password changes to their end users. Just imagine all those passwords that are years old could be reset with one click. Perhaps even automatic password rotation every 30 days. And maybe even services like Watchtower that had specific knowledge of systems that were compromised could make the process easier/automated.
This need arises from the fact that changing passwords is a horrific and widely divergent experience. I'm a software engineer at a small startup, and I remember the fallout from Heartbleed was changing 200+ passwords for everything from SendGrid to our company Twitter account. It took me and another co-worker hours. HOURS. Imagine being able to rotate all passwords with one click.
In conclusion, this was just kind of a brain dump. I know first-hand how hard this kind of thing would be. Adoption is critical; without adoption it's pointless. This spec/API isn't something that most of us could do ourselves. Someone like 1Password or LastPass would ultimately have to spearhead this project for service providers (Google, Facebook, Twitter, etc.) to take notice and implement the spec.
So yeah. That's my random idea. Thanks for reading.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
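As an added illustration (not the poster's code, nor anything from 1Password, LastPass or any real spec), here is a constructed Python model of the four pieces the post describes: an openly advertised password policy, an authenticated "last changed" lookup, an authenticated change, and a password manager's one-click rotation built on top of them. All names, the policy values and the PBKDF2 parameters are assumptions made for the example.

```python
import hashlib, hmac, os, secrets, string
# Constructed example of the proposed API: policy discovery, last-changed lookup,
# authenticated change, and client-side rotation. All names here are hypothetical.
PBKDF2_ROUNDS = 50_000  # kept low so the example runs quickly; production should use far more
POLICY = {"min_length": 16, "max_length": 64, "require_classes": 3, "max_age_days": 30}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
def meets_policy(policy: dict, candidate: str) -> bool:  # length bounds + distinct character classes
    used = sum(any(c in group for c in candidate) for group in CLASSES)
    return policy["min_length"] <= len(candidate) <= policy["max_length"] and used >= policy["require_classes"]

class PasswordService:
    """Server side: stores salted hashes only and exposes the proposal's four pieces."""
    def __init__(self, username: str, password: str, now: float):
        self.policy, self._users = dict(POLICY), {}  # policy is public: the manager needs it first
        self._store(username, password, now)
    def _store(self, username, password, now):
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": _hash(password, salt), "changed": now}
    def authenticate(self, username: str, password: str) -> bool:
        # Unknown users get a dummy record so the check costs the same time and never matches.
        user = self._users.get(username, {"salt": bytes(16), "hash": bytes(32)})
        return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    def last_changed(self, username: str, password: str) -> float:
        if not self.authenticate(username, password):
            raise PermissionError("bad credentials")
        return self._users[username]["changed"]
    def change_password(self, username: str, current: str, new: str, now: float) -> bool:
        # Always re-verify the current secret; a live session alone must not be enough.
        if not self.authenticate(username, current):
            raise PermissionError("bad credentials")
        if new == current or not meets_policy(self.policy, new):
            return False
        self._store(username, new, now)
        return True

def generate(policy: dict) -> str:  # client side: draw until the advertised policy is met
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy["min_length"]))
        if meets_policy(policy, candidate):
            return candidate

def rotate(service: PasswordService, username: str, current: str, now: float) -> str:
    """One-click rotation: change only when the password is older than the policy allows."""
    if now - service.last_changed(username, current) < service.policy["max_age_days"] * 86400:
        return current
    new = generate(service.policy)
    return new if service.change_password(username, current, new, now) else current
```

Timestamps are plain seconds so the age check can be driven deterministically; a real service would also rate-limit the authenticate step and record every change for audit.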