Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update change-password-URLs.json #700

Merged
merged 10 commits into from
Oct 7, 2024
Merged

Conversation

dineshtolanims
Copy link
Contributor

@dineshtolanims dineshtolanims commented Jul 10, 2023

Added change password URL for more websites, Captured these websites as a part of the product development process of a feature at Microsoft.

Overall Checklist

for password-rules.json

  • The given rule isn't particularly standard and obvious for password managers
  • Generated passwords have been tested from this rule using the Password Rules Validation Tool
  • Information has been included about the website's requirements (eg. screenshots, error messages, steps during experimentation, etc.)
  • The PR isn't documenting something that would be a common practice among password managers (e.g. minimal length of 6)

for change-password-URLs.json

  • There is no Well-Known URL for Changing Passwords (https://example.com/.well-known/change-password)
  • The URL either makes the experience better or no worse than being directed to just the domain in a non-logged-in state

for shared-credentials.json

  • There's evidence the domains are currently related (SSL certificates, DNS entries, valid links between sites, legal documents etc.)
  • If using shared, the new group serves login pages on each of the included domains, and those login pages accept accounts from the others. (For example, we wouldn't use a shared association from google.co.il to google.com, because google.co.il redirects to accounts.google.com for sign in.)
  • If using from and to, the new group, the from domain(s) redirect to the to domain to log in.

for shared-credentials-historical.json

  • You believe that the domains were associated at some point in the past and can explain that relationship

Added change password URL for more websites
Added missing comma after second last entry
@dineshtolanims dineshtolanims marked this pull request as draft October 31, 2023 08:34
@dineshtolanims dineshtolanims marked this pull request as ready for review October 31, 2023 08:34
@dineshtolanims dineshtolanims marked this pull request as draft October 31, 2023 08:43
@dineshtolanims dineshtolanims marked this pull request as ready for review October 31, 2023 08:44
rmondello and others added 8 commits October 7, 2024 17:18
Remove Wikipedia entries; these subdomains appear to implement the well-known URL for changing passwords
Can be added in a different PR:

```
    "d2jsp.org": "https://forums.d2jsp.org/settings.php?c=20",
```
Remove a handful of sites from this list because the websites appear to support the well known change password URL.
@erynofwales erynofwales merged commit 27c750a into apple:main Oct 7, 2024
5 checks passed
rmondello added a commit to rmondello/password-manager-resources that referenced this pull request Nov 6, 2024
* Update change-password-URLs.json

Added change password URL for more websites

* Update change-password-URLs.json

Added missing comma after second last entry

* Update change-password-URLs.json

Remove Wikipedia entries; these subdomains appear to implement the well-known URL for changing passwords

* Update change-password-URLs.json

indentation

* Update change-password-URLs.json

Remove the following entries (they can be submitted in another PR):

```
    "plesk.com": "https://platform360.io/licensing/licenses?from=my.plesk.com&modals%5Bchange-password%5D=true",
    "w3.org": "https://www.w3.org/users/133477/edit/password",
    "weebly.com": "https://squareup.com/settings?return_to=https://www.weebly.com/",
    "files.wordpress.com": "https://wordpress.com/me/security",
    "gov.uk": "https://www.universal-credit.service.gov.uk/sign-in",
    "mailchimp.com": "https://us5.admin.mailchimp.com/account/profile/",
    "mirror.co.uk": "https://reachplc.hub.loginradius.com/profile",
```

* Update change-password-URLs.json

Can be added in a different PR:

```
    "d2jsp.org": "https://forums.d2jsp.org/settings.php?c=20",
```

* Update change-password-URLs.json

Remove a handful of sites from this list because the websites appear to support the well known change password URL.

* Update sort order of change-password-URLs.json

* Update sort order change-password-URLs.json

* Update sort order change-password-URLs.json

---------

Co-authored-by: Ricky Mondello <rmondello@apple.com>
Co-authored-by: Eryn Wells <eryn_wells@apple.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants