Feature request: Setting to change a password after x time

I want to start getting into the habit of changing my passwords every 90 days or so, because of possible security breaches, etc. If there were a setting for this (globally or by individual login/account/etc.) that would be awesome. In the meantime, I'll create reminders myself, but this is annoying.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • @disorganic you've not told us on what platform you're running 1Password or the version you're using. However, using 1Password 6 for Mac it's very easy to create a search which looks like this:

    and then click on Save to save it as a smart folder. If you then ensure you display Folders in the side bar you can see at a glance whether there are any passwords that meet your criterion.

    Stephen

  • edited November 2016

    Hi, Stephen. I'm using all platforms, and I didn't notice smart folders, to my eternal shame. Thank you!

  • brentybrenty

    Team Member

    @disorganic: If you'll indulge me, I'd like to try to talk you out of putting such a huge burden on yourself by periodically changing passwords.

    There are certainly times it's necessary to change a password (breaches, as you mentioned), but for the most part this is unnecessary. And while this may not apply to you using 1Password, frequent password changes often incentivize weaker passwords.

    Just keep in mind that a long, strong, unique password you generate randomly with 1Password for a site today will be no better than the one from 3 months ago (or 3 years ago, etc.) And even if an account has been compromised, since you're using a different password for each site, no others will be affected. Then you can change the password for that site, and others that may have been part of a database breach. 1Password's security audit features can be really helpful for that:

    Security Audit

    Strengthening weak passwords is another matter. Ultimately it's your call, of course. But I wouldn't want you to needlessly put time and energy into such a daunting task unless there's a security benefit. Cheers! :)

  • @brenty You have a point. I have, however, been getting alerts on my Equifax account stating that they have found my email with a password somewhere dodgy, so I have become more paranoid as a result. I think maybe replacing my current weak/duplicate passwords and changing the (possibly) breached ones as and when and how is good enough. Thanks!

  • brentybrenty

    Team Member

    @disorganic: Ah, well then that's different. Certainly if you have reason to believe that an account has been compromised, waste no time in changing it. My concern was routine password changes. When there's a real threat though, the stakes are different.

    It sound like, unhelpfully, you may not know what you're looking for exactly, but be sure to check Watchtower and also the excellent Have I Been Pwned site, which aggregates information on breaches, and makes it easy to find out which (if any) specific hacks have affected your email address. And certainly making sure you're not reusing passwords is good security hygiene that will inoculate you against future compromises. Cheers! :)

This discussion has been closed.