Feature Request: Auto-Change Passwords

joshdyck

Just to add to the conversation. Regularly changing passwords would allow us to remove team members and not have to worry about them still having access to our systems after being removed from the team. Right now with the current setup we can only use 1Password for our lowest-risk passwords because of this (Thanks @Ben for replying already to this in my other post https://discussions.agilebits.com/discussion/comment/457541#Comment_457541 )

Ben

That is a fair point, @joshdyck. Certainly shared password usage, particularly within businesses and teams, does necessitate changing passwords when someone leaves. A feature like this, if properly built, could help address that concern. Thanks for taking the time to share your perspective.

Ben

richardburt

Just to add my 2 euro cents worth. As far as my internet accounts are concerned this discussion is all academic as I have 2FA turned on on all possible sites and that feature alone would break any automatic password change.

What could be done as an alternative is have a pop up telling the user that the password hasn't been changed in 6 months or a year and leave the responsibility to change it to them manually

Ben

Thanks for the feedback @richardburt. I’m not sure that 2FA would be a hurdle here, at least not if the 2FA being used is TOTP and 1Password is being used as the TOTP generator, but I do indeed feel that what you’ve mentioned is the safer route. That said our research indicates that changing passwords that are already strong periodically does not have much merit [1].

[1] The exception would be shared passwords, where revoking someone’s access is necessary... In that case changing the passwords is prudent.

Ben

aniforprez

I was a Lastpass user until early this year when I found a lot of stuff in it just not working well enough. I have to say, people are heavily overselling the password change feature. It works only through the chrome extension by opening the site and manually filling out the logins, going to the change password page, entering a new password and then accepting the change. Even on supported sites, trying it out myself it would routinely break. Amazon for example hosts it's login page differently for different regions and a .com login is not the same as a .in login (India in my case). This meant that it would technically "support" changing the password because it's Amazon but it very easily broke when actually trying to do it. I also didn't have 2FA enabled on that account at the time so I'm not sure if requiring the 2FA code would break that flow. I will call out Lastpass by name since I was personally using it and it only supports 79 sites according to their support page and these are your largest competitors. If they're having trouble supporting multiple sites with reasonable reliability then I doubt you guys will have that much success, subscription service or not

I honestly think this feature is not worth that much and people expecting it as a core feature should really understand that it will not work as expected most of the time and most sites will not feasibly be supported. I'd much rather you guys work on stability and UX improvements rather than this feature which will be used by a very small percentage of people very few times. I use the login filling, password generating and 2FA scanning regularly and improvements to UX in those areas are much more appreciated personally. I'm hoping Markdown support in all non-Mac platforms is a priority over this. Also a Linux app would be nice :wink:

AGAlumB

it will not work as expected most of the time and most sites will not feasibly be supported

@aniforprez: Thanks for chiming in! I think that perfectly illustrates why we shelved this a while back: it's a really hard problem to solve and also — perhaps more importantly — "solving" this problem needs to be done on specific sites not once, but on an ongoing basis. We have a good sense of this just from login filling, since no two websites almost ever work the same, and changes can render 1Password ineffective on a site where it was successful previously.

I'd much rather you guys work on stability and UX improvements rather than this feature which will be used by a very small percentage of people very few times.

We're on it, but if you have specific feedback let us know! :)

I'm hoping Markdown support in all non-Mac platforms is a priority over this. Also a Linux app would be nice :wink:

We're really excited about Markdown support too. Stay tuned! ;) We don't have a native Linux 1Password app, but we've got a few options there that may help. :)