how to setup password expiration timeframe
I would like to setup a rule in my 1password family that suggests when a password should be changed by how old it is. Perhaps I control wether it requires changing. But at least an option for it. If this is in settings or something I have not found it. I know there is an expiration date for Credit cards, I have not seen how to add that to other accounts. Being able to add that field to other password accounts would be great.
Alan
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:how to setup password expiration timeframe
Comments
-
Hello @alsnyder! 👋
1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Instead we recommend that you change your passwords if one of the following conditions is met:
- The password for a website/account is not a secure and unique password generated by 1Password.
- 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find passwords you need to change
Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
-Dave
0 -
Some websites and organizations, especially government, use passwords that expire frequently. Failure to login or update the password before expiration can be a real pain. It seems like a basic function to be able to define an expiration date on a password in 1Password. Then be able to generate a report or get a reminder before the password expires. Most password vaults already have this functionality. I did the search and saw several requests for this exact function and yet nothing from 1Password... What gives? I am new to 1Password but it seems like I might be going back to KeePass without this functionality.
2 -
+1
0 -
+1
Many sites, especially legacy services for internal use in big corporations do not follow the latest NIST recommendations…
0 -
Thanks folks. I'll let the team know this type of feature would be of interest to you. While I can't make any promises I can ensure your voice is heard.
ref: PB-31187496
ref: PB-31187587
ref: PB-311876231 -
Just a remark: I work for an IT outsourcing company, and every single customer company I was working for had a password expiry policy. Not a single company allows permanent passwords for the Windows logins. The worst expiry time was 30 days, a common time frame is 90 days. My company announced an upcoming expiry time frame of 1 year for our intranet accounts, however it has not surfaced yet. It's still at 90 days.
However, I don't really need an expiry reminder. Either I log in often enough so I catch any reminder. Or I get email warnings about an expiring password. Only rarely used accounts actually expire, and usually it's possible to log in one last time and immediately change the passwords. To be useful for an expiry reminder from within 1Password, some kind of calendar view is required, so you can "see" what is expiring and when, so you can coordinate it with your next login.
0