[Feature request for 1Password] Notification for updating your password

[Deleted User]
[Deleted User]
Community Member

To encourage regular updating your passwords, I would like to receive a notification when a password has been used longer than a predetermined periode of time like, for example, 3, 6 or 12 months. And/Or a notification when a password has been used more than a predetermined amount of times like 10, 50 or 100 times.

Comments

  • Tertius3
    Tertius3
    Community Member

    You don't need this. It's not best practice to regularly update passwords. It's best practice to use long strong passwords never used anywhere before, use different passwords for every single login you have, and never share a password to anyone. If you do this, there is no need to ever change a password unless you learn its service or the password itself has been compromised.

    It's even a security risk, if you change passwords frequently, because this increases the risk of accidentally updating the wrong password in your password manager, and the risk of accidentally login with an old password and trigger password recovery procedures.

    You may have heard that in corporate environments there is some requirement to change your password every 30, 60 or 90 days, but this is not best practice today. The security policies of big corporations is always kind of 10 years behind real best practice. If you force someone to change his password often, you trigger "I forgot my password" hotline support calls often, which softens the validation of password reset requests. I work at a big corporation, and I suffer from having to change my password every 90 days, and it's so easy to reset my password if I call and confess I forgot my new password I was forced to change yesterday. Everybody with enough information about me and my account would be able to do this. I say this security is lacking.

  • ag_ana
    ag_ana
    1Password Alumni

    @HaWollie:

    Tertius3 is absolutely right: we don't want to encourage regular password changes, we would rather encourage usage of strong passwords from the get go :+1:

  • bhanafee
    bhanafee
    Community Member

    My company forces password changes and doesn't allow me to use a password manager on their machines. Guess what has the weakest password I use?

  • ag_ana
    ag_ana
    1Password Alumni

    We have some ideas @bhanafee :)

This discussion has been closed.