Feature Request - Security - Password Expiration

Having good passwords stored in a secure way (thank you 1Password) is a good thing.

However the application could include a feature to notify users that password should be changed.

Like KeePassX the password stored in 1Password could have an extra field to store the date the last time the password was choosen. The user could be notified of a password change needed by sending a notification. The number of days for an expired password must be configurable globally or at account level. The application should also include a view of all passwords sorted based on the last password change date.

Comments

  • brentybrenty

    Team Member

    @MorgothSauron: Thanks for reaching out. I’m sorry for the confusion! Passwords should not be changed without good reason. Something like:

    1. Password is weak
    2. Password has been reused
    3. Password has been compromised

    For #1 and #2, since you're using 1Password, hopefully you're using long, strong, unique passwords for each website, so that won't be an issue in that case. And for #3, that still isn't time-based. A truly random password you generate today will be no better than one you generated in 1Password even a decade ago (unless you used a very short length originally, perhaps due to account limitations). So ultimately while it's definitely good to change passwords if there is something wrong with them, there isn't any security benefit to discarding them solely due to time.

    That said, finding weak, reused, or compromised passwords is important. The desktop apps can help with this, with Watchtower (#3) and other Security Audit (#1 and #2) features. It isn't something 1Password for Android can do currently, but perhaps as devices become even more powerful, searching and filtering in real time will allow us to add these kinds of features there as well. Thanks for bringing this up! :)

  • Ok, without a password change (I use strong password generated by 1P) it would be interesting to know when password was changed the last time.

    With a filter sorting password by date I could identify 'sensitive' accounts for which I want a 'regular' password change (6 months to 12 months).

    I can still add a reminder in my calendar for password change, but having application showing last password change would help track which one I changed and those I didn't.

  • brentybrenty

    Team Member
    edited December 2017

    Ok, without a password change (I use strong password generated by 1P) it would be interesting to know when password was changed the last time.

    @MorgothSauron: I agree completely. We're working on some changes to the item editor, and version 6.7 includes modified dates in the item details. :)

    With a filter sorting password by date I could identify 'sensitive' accounts for which I want a 'regular' password change (6 months to 12 months).

    Again, this doesn't offer any security benefit then unless the account is compromised, just extra work for you. ;)

    I can still add a reminder in my calendar for password change, but having application showing last password change would help track which one I changed and those I didn't.

    Yup! :chuffed:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file