Erik van Straten

@valorin : thanks, I wasn't aware of the existence of an RFC for a default change-password file!

For those interested: internet.nl checks any webserver for, among a lot of other things, the existence of the security.txt file (it shows its results in English, you don't have to know what Goudse kaas, stroopwafels and hagelslag mean ;-)

Best practices: internet.nl checks for lawful requirements of Dutch (Netherlands) governmental websites. More than a year after that law came into effect, a lot of govt. websites still do not fully comply. In particular, many have still not set up HSTS correctly, such as Almere (internet.nl/site/almere.nl/295 - not detected by developer.mozilla.org/en-US/ob).

Unfortunately HSTS (which too often does not work) still has to help internet users, as browsers still do not *enforce* https connections in a sensible way (infosec.exchange/@ErikvanStrat).

(Coen Wesselman @wsslmn : do you like the idea of adding a check for "/.well-known/change-password", and if so, is that something you could ask to be included in the tests by internet.nl?)

#changepassword #change_password #security_txt #websites #website #webserver #SIDN #internet_nl #HSTS #MDN

2 comments
Coen Wesselman

@ErikvanStraten personally I will share this with the @internet_nl project team, and let you know.

Personally this would improve password management for me. Too often the tools struggle with password changes and storing the right information to access an account.

@bartknubben @valorin

Internet.nl

@wsslmn @ErikvanStraten @valorin @bartknubben
Thanks, interesting! This one is also new to us and we haven’t studied it in detail yet. If you would like a test for it to be implemented in Internet.nl, please file an issue at github.com/internetstandards/I. However, no guarantees if and when we can pick this up because the roadmap with improvements we are working on is already pretty full. 😅
