Read first: Previous version support information

Feature Request - Password change prompt

Blister
Blister
Community Member
in 1Password 4 for Windows

Is it possible to add a feature that prompts you to change passwords at regular intervals? 3/6/12 months, say?

Just a thought.

1Password Version: 4.6.1.617
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Dropbox

Comments

  • Greg
    Greg
    1Password Alumni

    Hello @Blister,

    Thank you for using 1Password and your suggestions! :+1:

    We are planning to bring new Security Audit features to 1Password 6 for Windows, so this is a good idea to consider. If you have more of them, please share them with us, your feedback is really appreciated. :)

    Thank you!

    ++
    Greg

  • pbryanw
    pbryanw
    Community Member
    edited February 2017

    Hi, this recent article suggests that password switching every x months is bad for security: https://arstechnica.co.uk/security/2016/08/frequent-password-changes-are-bad/

    So, I'm not sure that this should be included in 1Password, or maybe, more investigation is needed first :+1:

  • Greg
    Greg
    1Password Alumni

    @pbryanw: You are completely right here! :+1:

    Let me assure you, no feature is added to 1Password without a thorough investigation and internal discussion, especially when it comes to security. The Security Audit features in 1Password 6 for Mac and 1Password 4 for Windows are already great, but maybe we can somehow improve them in the future. :)

    Thank you for joining the conversation. We really appreciate it. ;)

    Cheers,
    Greg

  • ChicagoJoe
    ChicagoJoe
    Community Member

    @prbyanw: If the problem with frequent password changes is that people tend to make passwords like, "tarheels#1", and then change them to "tArheels#1", "taRheels#1", "tarheels#11", "tarheels#111", "tarheels#2", "tarheels#3", and so on, then those people aren't doing it right. 1Password has the ability to create semi-random strings with characters, numbers and specials as well as strings of whole words.

    On my own, not only do I let 1Password generate the passwords that I use, but I also very the 'recipe' is uses so that one website may be a 15 character password and another may be 9 and another may be 3 long words.

    I'd like to vote for this suggestion with a few more specifics:

    • 1Password suggests changing your password after some interval based on the last modified date that it already tracks
    • 1Password suggests changing the 'recipe' used when you do change the password based on the 'last recipe used'
    • 1Password should have a damper on the time so that it doesn't encourage you to change more than X number of passwords on the same day (it would be annoying to get 10 suggestions in the same window of time within a day.)

    Doing that should not only avoid the issues mentioned in the arstechnica article, but should also help with the Cloudbleeds and other hacks that we sometimes don't find out about until weeks or months after they've occurred. And it would be great to be able to say to myself, 'Who got hacked? Oh, that's right, I already changed all those password — twice — since then. I'm good.'

  • AlexHoffmann
    AlexHoffmann

    @ChicagoJoe
    Thank you for your suggestions, they are duly noted.

    Please keep the feedback coming, we truly appreciate it.

    Cheers,

    Alex

This discussion has been closed.