Suggestion: Password update reminders!

Ability to set intervals to change passwords
I would love it if 1Password could remind me to change passwords after a set amount of time, if I haven't updated them within that time frame.

This is definitely one of my weaknesses! I'm not sure if the structures in place would even allow this. And what would be the security implications, if any, of having 1Password keep track of this?

Comments

  • thightowerthightower T-Dog Agile's Mascot
    edited December 2010
    For now maybe you can try this

    1. Make a tag for 3 months, 6 months, 1 year or what ever.
    2. add all passwords to be changed to this tag
    3. Open Ical, create a reminder, and name it 1P3month etc, set date in future based upon time frame, use reoccurring event if you desire.
    4. When times up open 1P sort by tag and proceed to change those passwords.
    This has been about the easiest for me.
  • brentybrenty

    Team Member
    thightower wrote:

    For now maybe you can try this

    1. Make a tag for 3 months, 6 months, 1 year or what ever.
    2. add all passwords to be changed to this tag
    3. Open Ical, create a reminder, and name it 1P3month etc, set date in future based upon time frame, use reoccurring event if you desire.
    4. When times up open 1P sort by tag and proceed to change those passwords.
    This has been about the easiest for me.


    Wow. You always come up with the most inventive solutions, TH!

    My problem is that I am a fantastic procrastinator, so I'm not sure this would work for me. I am mostly interested in a reminder for those that slip between the cracks, and that I have forgotten about entirely. Maybe if i modify your method so that I move them to a new folder once I have updated them, and repeat this process every few months. Hmm... :mellow:
  • khadkhad Social Choreographer

    Team Member
    edited December 2010
    You may recall a previous post of mine in the Lounge which I think is appropriate to bring up once more:

    khad wrote:

    In "Changing Passwords Isn't Worth the Effort" by Neil J. Rubenking, he reviews a study by Microsoft researcher Cormac Herley that asserts, roughly, that by the time you have changed your password, a hacker has already used it. Additionally, unnecessary security advice "treats as free a resource that is actually worth $2.6 billion an hour."

    Consider that once a strong password is chosen, unless it has somehow leaked out — e.g., you told someone, someone got to your computer while 1Password was unlocked, etc. — it is just as strong on day one as it is on day 1,825. (That's five years if you're counting.) :-)

    One important caveat is that the password needs to be a strong, unique one. I want to make sure to stress that. If you are still using "starwars" or "12345678" for your password, you don't need a future reminder to change it, you need to stop reading this now and change it immediately! :-)

    Obviously, there are some companies/websites that require a password change with a certain frequency, but they usually have their own method of reminding you when you attempt to log in.

    Just a thought.
  • I agree with Khad - as strong password is just that. However, some sites limit the length and/or chars for passwords and therefore you may be forced to use a password that's not as strong as you wish. But rather than a reminder I would prefer if I could create a smart folder for records where the password is less than "excellent" and the password was last modified x months ago. All you need to do is expose the password strength and password age as filter criteria for smart folders. That way, you can keep an eye on the passwords for this less safe sites and don't get reminded about all the other passwords where the password is strong enough.

    Cheers and a Happy New Year
    Michael
  • khadkhad Social Choreographer

    Team Member
    Michael,

    It is certainly unfortunate when sites — for no good reason at all — limit the strength of the password you may use. I would love to see some Smart Folder search criteria for password strength and relative created/modified date. (Currently, 1Password only supports "absolute" dates in Smart Folder search criteria.) I will see what we can do about this in a future release. In the meantime, consider sorting your logins by password strength (View > Layout > Traditional with View > Columns > Password Strength enabled).

    I hope that helps a bit.
  • dboosterdbooster Junior Member
    A feature request:

    Once a month or so, 1password changes the password for me at every site. If this is unrealistic, how about a counter for every site that begins when you add the site to 1password. Then after a month or so, the next time you visit that site 1password can prompt with a message like "It's been x days since you last changed this password. It's good practice to change site passwords every month. You might consider doing so."

    Hows that sound?
  • sjksjk oversoul

    Team Member
    Password change/update reminders have been suggested/discussed in other topics, e.g. here.
  • khadkhad Social Choreographer

    Team Member
    Thanks for the input, dbooster. I have merged your post with the appropriate thread. Please see above and let me know if you have any further questions or comments. :-)
This discussion has been closed.