
A Standard Password Change API - CmdSft
https://kryogenix.org/days/2017/02/24/a-standard-password-change-api/
======
Nomentatus
I remember suggesting a different and simpler "API" \- all websites (etc)
should be able to parse the concatenation "oldpasswordnewpassword"or perhaps
oldpassword_newpassword" where "_" is any character reserved for a delimiter.
The website would then swap the new password for the old one.

Of course, other implementations of the same idea using other ways of
distinguishing old and new are possible, too.

~~~
stuartlangridge
That would certainly be simpler, in that it just fits in to the existing
password login, but I'm not sure it helps all that much here? Mainly because
the point of this suggested approach is discoverability; your password manager
can change your password without you having to manually do it. Most of the
time, this doesn't apply; a password manager knows that such-and-such-a-site
has such-and-such a username and a password, but it doesn't know how to
actually log in with them, just that these are the values, and maybe these are
some form fields on a particular URL to fill them into.

