Re: Password Manager opinions and recommendations
On Tuesday, March 27, 2018 04:08:07 AM Joe wrote:
> On Mon, 26 Mar 2018 17:38:33 -0400
>
> rhkramer@gmail.com wrote:
> > > > Yes, at least I think so, unless there is some standard for how
> > > > to handle passwords (including changing them) on websites. I
> > > > suspect that there isn't. There may be some commonality in
> > > > websites generated by a common website "generator" (one of those
> > > > packages that help you create a website--I think they exist, but
> > > > I've never used one--maybe Drupal is an example?
> > >
> > > The standard exists. You change your password via the website. Then
> > > you inform your password manager of the change.
> >
> > Ok, but that's not the kind of standard I was hoping for--I was
> > hoping for a (standard) programmatic way of changing the password on
> > a website, which, being programmatic, could be initiated by the
> > password manager.
>
> Unless such a thing is a library function in JavaScript, then no
> commercial website will contain it...
>
> More seriously, I doubt that such a thing exists, it would be like the
> backdoor in OpenSSL, an absolutely disastrous idea. Websites tend to
> store password data (sometimes in plain text!) insecurely enough as it
> is.
>
Good point, although I'd expect such a function to require authentication,
presumably by entering the old password.
> Also, many websites where security is a big issue do try to ensure that
> logins can't be made by computer.
Oh, yeah, Captchas (and such)--how could I forget about those...
Reply to: