spec, web.dev article. Password managers (such as the one built into Chrome) use this when they suggest the user to change their password because it is weak or was found in a leak. Implementing is straightforward, just redirect .well-known/change-password to the wiki's password change URL (/wiki/Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest).
See also T263927: MediaWiki user and password fields should have the proper autocomplete value.