Update password policy and enforce MFA. What is the end user experience?
We currently use the minimum requirements password policy. We would like to enforce MFA; however, it appears we need to update to the Strong password requirements, which would require the password to be 14 characters instead of 10. If we were to enforce the Strong policy and MFA, would this just ask the end user to update on their next login, or will this be proactive and send an email to the end users to make this change?
Comments
-
Hi @tmaltese333, happy to answer your question.
The strong account password policy feature of 1Password Advanced Protection, when enabled, applies only to future account passwords - i.e., when existing members attempt to change their account passwords afterwards, or when new members of the account join after the policy is enabled. Existing members of the account will not be prompted to change their account passwords, even if their current account password does not meet the requirements of the policy - this is done this way so as not to cause any disruption to your users.
When you enforce 2FA, everyone on the team who has not already enabled this themselves will be prompted to turn on 2FA when they next unlock one of the 1Password apps or sign in from 1Password.com in a browser. Basically, the next time anyone who has an account on the team uses 1Password and hasn't yet enabled 2FA, they will be required to do so by visiting the 1Password.com web interface and signing in, which will then trigger the two-factor authentication setup workflow. They won't be able to keep using 1Password until they do this. They will only be asked to authenticate with their generated 2FA codes when setting up 1Password on a new device or new browser sign-in.
In review, your users will not be prompted to change their account passwords by moving to the Strong policy. Anyone who has not currently enabled two-factor authentication will be required to do so the next time they sign in to 1Password. It may be a good idea to notify your employees ahead of time of your intention to make this change. That should help prevent any workflow interruptions for your existing team.
-
Fantastic. Thanks so much for the detailed answer. Very much appreciated.
-
Happy to help, and please let our team know if we can be of any assistance in the future.