Setup Master Password Expiration (ISO:27001)

guy2c9

Hi 1Password

I know this request has come up often but what is the latest thoughts on implementing a Master Password expiration policy? Like the other comments on this topic, when working with government bodies or legislation requirements or ISO certification you need to have security and password policies in effect to ensure that passwords are regular changes/updated including password vaults.

We are currently going through various ISO certification in order to be compliant with the Federal Tax Office (ATO) and require that all systems, especially password vaults have a control to set master password expirations. The only solution I have for this at the moment is to setup a manuall calendar reminder to manually reset each users password and security key via the 'recovery method'.

---

1Password Version: 1Password for Windows 8.10.18 (81018040)
Extension Version: Not Provided
OS Version: Windows 11
Browser: Not Provided

ag_max

Hi @guy2c9,

1Password Business does provide teams with the ability to enforce specific account password requirements, though expiration by schedule isn't currently a component of that, and I'm not aware of any plans to introduce this. Using third-party calendar software reminders like you mentioned sounds like

That said, as you've mentioned that your organization may be under government requirements to abide by this, I recommend contacting our Business team via email, as they may be able to better work with you directly to address this.

guy2c9

Hi @ag_max

THanks for getting back to me ive set up a meeting with Charles Victor on Tuesday 21st November and hopefully he can get me in contact with the right team

ag_max

Happy to assist, @guy2c9.

Our team is always here to help if anything else should come up.