Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
password-manager-resources
A place for creators and users of password managers to collaborate on resources to make password management better.
A couple of websites/companies that have implemented this (just from checking ones I could think of):
https://www.google.com/.well-known/security.txt
https://www.cloudflare.com/.well-known/security.txt
https://www.reddit.com/.well-known/security.txt
https://github.com/.well-known/security.txt
I still think iso standard would be better: https://github.com/securitytxt/securitytxt.org/issues/72
You might be thinking about:
https://github.com/apple/password-manager-resources
or the related:
https://github.com/w3c/webappsec-change-password-url
But mainly if you are responsible for a system and you're willing to do work to improve security your first focus should be "implement WebAuthn so my users can stop worrying about passwords entirely" not "I wonder if more complicated password handling would help somehow?"