Link to `<URL>/.well-known/change-password` when password is detected as compromised

Feature name

  • Link to <URL>/.well-known/change-password when password is detected as compromised.

Feature function

A new standard is in the works that proposes to redirect <URL>/.well-known/change-password to the webpage for changing your password for the respective site.

Some examples:

Using this, Bitwarden could show a link to <URL>/.well-known/change-password when a password is detected as compromised.

Scenario: User clicks on ✅ next to their password to see whether it has been compromised. Bitwarden detects the password as compromised and warns the user. Bitwarden then offers the user a link to reset their password.


  • Far from all sites support the /.well-known/change-password redirect, so Bitwarden would have to check first whether the server returns a 404.

  • A site may not return a 404 but the redirect still doesn’t exist (i.e. misconfigured server). Will have to find a way to deal with that.

  • If a user has multiple URLs added, one needs to be chosen for showing the link. I’d suggest using the same as is used for generating the icon, i.e. the first.

Related topics + references

See also:
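
An added sketch of the support check discussed in the post above, not part of the original post and not Bitwarden's code. It uses the first saved URI, treats a non-2xx answer as "not supported", and handles the "no 404 but no redirect either" case with the canary path that the W3C draft for this well-known URL defines for detecting unreliable status codes. The function names and the `getStatus` helper are assumptions.

```javascript
// Added example: all function names here are hypothetical.
const CHANGE_PATH = "/.well-known/change-password";
// Canary path from the W3C draft: a reliable server must not answer it with 2xx.
const CANARY_PATH =
  "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200";

const isOk = (status) => status >= 200 && status <= 299;

// Use the first saved URI, as the post suggests; only https origins qualify.
function firstOrigin(uris) {
  if (!Array.isArray(uris) || uris.length === 0) return null;
  try {
    const u = new URL(uris[0]);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null; // first entry is not a parseable URL
  }
}

// Decide from the two final status codes (after redirects were followed).
function supportsChangePassword(targetStatus, canaryStatus) {
  if (!isOk(targetStatus)) return false; // 404 or network error: no link
  if (isOk(canaryStatus)) return false; // 2xx for a nonsense path: codes unreliable
  return true;
}

// getStatus(url) is an assumed helper that resolves to the final HTTP
// status of a GET request, or 0 when the request fails.
async function changePasswordLink(uris, getStatus) {
  const origin = firstOrigin(uris);
  if (origin === null) return null;
  const [target, canary] = await Promise.all([
    getStatus(origin + CHANGE_PATH),
    getStatus(origin + CANARY_PATH),
  ]);
  return supportsChangePassword(target, canary) ? origin + CHANGE_PATH : null;
}
```

A `null` result means the client shows only the compromise warning, without a link.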