Password expiration reminders
Hi. I would like to request password expiration reminders. I realize that this has been requested (and denied) in the past, but I would like to make a case for it.
Aside from access to, say, our own internal resources, there are many situations where keeping track of all of the reminders would become obtrusive. With an increasing number of these to track, having to maintain a separate reminder could become cumbersome.
To me, this is simple enough in implementation: Any login/password item should contain a 'maximum age' field. This field could be a number of days, months, years, etc. While it would be even better if this information were to be scraped automatically, even just having it be a manually-maintained field would be enough.
I'll give you an example where having this be integrated is critical. Below is a screenshot of the United States Social Security Administration website. I know that most of the developers are Canadian and don't have access to the site in question, but you more than likely know what SSA is and what it's for. This is one of those sites where it is critical to have the password changed within the interval, otherwise access can be denied. (Footnote: To the SSA's credit, they do 2FA, though unfortunately only via SMS.)
The mechanism for instituting a reminder could be in a number of forms:
- As indicated by the post I linked to above, it could be via a smart folder.
- On mobile apps, hook into the reminder/notification architecture provided by the OS. The way Evernote does reminders on iOS would be the ideal.
- For desktop/laptops, this might be done via the Helper, or at the least, when the full app opens.
The SSA's website is just an example -- I have banks, services at my workplace, payroll, and other important passwords that are subject to an expiration. One other thing to consider -- if this were to be implemented, it would surely be only a small stretch to indicate when a user's credit card was going to expire, for instance.
Please consider this as a future enhancement, as I think it will reduce user frustration. It's not a problem 1Password created, but 1Password can help users stay on top of expiring credentials. Furthermore, 1Password (and its ilk) are seen as the one-stop shop for credential management by its user base.
Comments
-
Hi. I would like to request password expiration reminders. I realize that this has been requested (and denied) in the past, but I would like to make a case for it.
@cobaltjacket: Weirdly, I don't see any denial; rather, Drew was answering the question that was asked: Does 1Password offer reminders? And of course, it doesn't.
Now, I won't lie to you; while this is a feature we can consider adding in the future, 1Password is intentionally light on the notifications. That said, you make some good points. This may be something that would make a good (and appreciated) addition to 1Password someday, but with limited resources we do have to prioritize things. So while it's definitely a 'not now', I wouldn't say 'not ever'. Thanks so much for the detailed feedback! :)
0 -
Hi, I was just looking at the "password reminders" issue as well. Another approach that would (maybe) have more general use would be to allow some kind of AppleScript access to the fields. Then you could easily select all the ones based on their days since last password change and password expiration. Of course, that probably raises its own issues with security/access.
Alternatively, the smart folders could be extended to do some simple operations on some of the custom field types (numbers, dates, whatever). What I have in mind is a simple select statement, for password reminders it would be something like ("custom field expiration in days" - "days since last password change" < 5). I don't know how hard that would be to implement, but it could add some utility to the smart folders.
Thanks!
0 -
Another approach that would (maybe) have more general use would be to allow some kind of AppleScript access to the fields. Then you could easily select all the ones based on their days since last password change and password expiration. Of course, that probably raises its own issues with security/access.
@chakroth: I was about to say that while this is an interesting idea, it would be a security issue (since that would also make it trivial for a malicious app or script to access data in your vault in the same fashion), but you finished your thought and beat me to it! :pirate:
The smart folders option probably isn't a direction we'll go either, since it wouldn't be available on all platforms. And since it relies on OS X APIs, it also isn't flexible enough to let us do what we want with it either.
Perhaps we'll be able to come up with a solution to this problem that's both secure and could benefit users of all of the 1Password apps...
0 -
I like the idea of 1P allowing me to set an expiration date. My employer has a password policy that forces pw expiration every 90 days. While I am notified of this expiration when I log in daily, this policy is in place for "admin" and "privileged" accounts that I do not use daily. If 1P could notify me that a PW was about to expire, I'd be able to head off the expiration of my admin accounts and save me a headache when I need to use an account that has expired. I'd be happy for 1P to simply use Apple's Notification Center, which should integrate well across MacOSX and iOS.
Without this feature, I am forced to put reminders in my calendar, which does work, but is less convenient.
0 -
While I am notified of this expiration when I log in daily, this policy is in place for "admin" and "privileged" accounts that I do not use daily.
@duffetta: Awesome! That is, using the limited account and reserving the privileged ones for special occasions is awesome. Dealing with password expirations is decidedly less awesome...
If 1P could notify me that a PW was about to expire, I'd be able to head off the expiration of my admin accounts and save me a headache when I need to use an account that has expired. I'd be happy for 1P to simply use Apple's Notification Center, which should integrate well across MacOSX and iOS.
That's a really cool idea, but I worry that this might be a way for information to be "leaked" onto the home/login screen if it isn't done thoughtfully.
Without this feature, I am forced to put reminders in my calendar, which does work, but is less convenient.
That's a good solution, but perhaps we'll be able to come up with something ourselves in the future. Thanks for the suggestion — and workaround! :)
0
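An added example, not part of the thread and not 1Password code: the selection rule proposed above ("expiration in days" minus "days since last password change" < 5), combined with the concern about leaking details onto the lock screen. The item list, the `max_age_days` field and all function names are hypothetical and constructed for illustration.

```python
from datetime import date

# Constructed sample items; "max_age_days" is the hypothetical manually
# maintained field proposed in the thread, not a real 1Password field.
ITEMS = [
    {"title": "SSA", "last_changed": date(2016, 1, 6), "max_age_days": 180},
    {"title": "Work admin", "last_changed": date(2016, 4, 1), "max_age_days": 90},
    {"title": "Payroll", "last_changed": date(2016, 6, 1), "max_age_days": 90},
    {"title": "Forum", "last_changed": date(2015, 1, 1), "max_age_days": None},
]

def days_remaining(item, today):
    """Days until expiry (negative if already expired); None if no policy."""
    if item["max_age_days"] is None:
        return None
    return item["max_age_days"] - (today - item["last_changed"]).days

def expiring(items, today, warn_days=5):
    """The thread's rule: max age - days since last change < warn_days."""
    hits = []
    for item in items:
        left = days_remaining(item, today)
        if left is not None and left < warn_days:
            hits.append((item["title"], left))
    return sorted(hits, key=lambda h: h[1])  # most urgent first

def lock_screen_text(hits):
    """Notification body safe to show on a locked device: a count only,
    no item titles, usernames or site names."""
    if not hits:
        return None
    overdue = sum(1 for _, left in hits if left < 0)
    text = f"{len(hits)} saved password(s) need attention"
    return text + (f" ({overdue} already expired)" if overdue else "")

def in_app_lines(hits):
    """Per-item detail, intended only for display after the vault is unlocked."""
    return [f"{t}: expired {-d} day(s) ago" if d < 0 else f"{t}: {d} day(s) left"
            for t, d in hits]
```

Items without a maximum age are skipped rather than treated as expired, and already-expired items are still reported so an unused admin account is not silently dropped from the list.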