by logn
4307 days ago
> Where are we with replacing the password? What about you load a site, get an HTTP 401 response, your browser sends back an auth header with a password generated for that domain name, based on some secret global key/password. Then in response, most sites would set a cookie. To change the password, you could have a second header that has the new password, along with the original. No usernames needed. The browsers would have a global password for cases of shared computers. Log out buttons on sites just remove the cookie. Or without cookies, just have the browser send the auth header each time until a native log out button is pressed.

> What about you load a site, get an HTTP 401 response, your browser sends back an auth header with a password generated for that domain name, based on some secret global key/password.

You essentially describe a password manager with deterministic password generation. It has all the upsides and downsides of a regular one, except migrating passwords is harder (you need to change them instead of storing them).
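
The deterministic scheme discussed in this thread, as an added sketch that is not code from either commenter: a per-domain password is derived from one global secret, and a change needs a per-site counter. The use of PBKDF2, the iteration count, the counter, and the function names are assumptions made for illustration.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed PBKDF2 work factor; slows guessing of the master secret


def site_password(master_secret: str, domain: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for one domain from the global secret.

    Nothing is stored: the same (secret, domain, counter) always yields
    the same password, so any browser holding the secret can recompute it.
    """
    if counter < 1:
        raise ValueError("counter starts at 1")
    # Normalise so "Example.COM." and "example.com" map to one credential.
    host = domain.strip().lower().rstrip(".")
    # The domain and counter act as the salt, giving each site an independent output.
    salt = f"{host}|{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master_secret.encode("utf-8"), salt, ITERATIONS, dklen=32)
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def change_password(master_secret: str, domain: str, counter: int) -> tuple[str, str, int]:
    """Return (current, new, new_counter) for a password change.

    The current and new values are what the comment's change request would
    carry. The new counter is state the user must now keep per site, which
    is the migration cost the reply points out.
    """
    current = site_password(master_secret, domain, counter)
    new = site_password(master_secret, domain, counter + 1)
    return current, new, counter + 1


if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample secret
    print(site_password(secret, "example.com"))
    print(change_password(secret, "example.com", 1))
```

Because the output depends only on the secret, the domain and the counter, losing track of a site's counter means losing that site's current password, and a leaked master secret exposes every derived password at once.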