Auto update passwords

It would be really nice to have a feature that allowed us to update website passwords from 1Password. The idea being that when I want to change all my passwords every 3 or 6 months, I can update in 1Password and have it propagate the updates to the websites.

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @joehobo,

    It would be very cool but the reason we haven't ventured into this as of yet is it is a matter of resources and the ability to ensure such a feature would be rock solid. Every website is different and so any password change has to be by completing the correct sequence of actions and ensuring the response at each stage is good. It means it's an incredibly manual process with so many potential points of failure. Such a list could only ever be for a limited number of popular sites although it could potentially grow (albeit slowly) over time. It would have to be able to detect failure at the first hint and back off and would require constant maintenance as things changed and caused sites to fail.

    I still agree it would be cool, but it's not a small undertaking, it would take quite a lot of commitment if it was to succeed given how reliable it has to be.

  • joehobo
    joehobo
    Community Member

    At least it's on your radar. That's good

  • jxpx777
    jxpx777
    1Password Alumni

    The other thing I would add to Lil' Bobby's excellent answer is that changing all your passwords that frequently is really not necessary. Set the password to a unique generated password that's as strong as the site will allow and lie on any security questions (Store the phoney answers in custom password fields in the same 1Password Login that has your username and password!) and then forget about it. If you have some high priority sites like banks, email accounts, and social media accounts that you want to give a little extra precaution, I think that's fine. I would tag them appropriately and then only change those passwords. Things like this discussion forum or some other support site have very little impact if you use a strong, unique password—even if there is a breach.

    If you think like a bad guy, you'll realize that for a breach of a discussion forum like this, the first thing you would do is try to crack the password for the account. Then, once you have that, you go try that password on the email account that's attached to that account and maybe a few other sites like Facebook. When that doesn't work, you realize this is low-value data and discard it because at this point, all you can do is post in the 1Password forum. If you cause mischief there, then your account will be banned/locked and now the whole endeavor is useless.

    That's just one example, but when thinking about password changes, it's important to remember why you're changing those passwords and what you're defending against. Letting the password change tail wag the whole dog of your digital security practice is a recipe for unneeded burden.

    I hope that helps. Let us know if you have other questions or concerns.

    --
    Jamie Phelps
    Code Wrangler @ AgileBits
    Fort Worth, Texas

This discussion has been closed.