The current system puts more work onto the password managers themselves, but realistically even if there was a generic API, the sites themselves aren't generic, each one requires a different series of steps with unique error messages, etc. So while an API would save some work, password managers would still need bespoke steps per site.
Seems like the issue isn't the idea, it's the way they're implementing it.
Shouldn't it be ui(api(pwd changing code)), not ui(pwd changing code) + api(pwd changing code)?
> even if there was a generic API, the sites themselves aren't generic, each one requires a different series of steps with unique error messages
Again this sounds like an implementation issue, not an idea issue.
People can use all of kinds of weird status codes if they like as long as they implement 200, 401 and 500. Those three cover the bases.
And I don't think the proposal covers any site-specific options and could standardize on key naming (`email`, `password`, `username`, etc) Password managers already keep this info and more, I think LastPass will even store your credit cards and has profiles so you can swap between business, personal and other info.
Couldn't the former use the latter?