Users Master Password standard

holmny
holmny
Community Member

I'm in trial for the business plan so I might just be missing this. Can the team admin set a standard users must use when creating their master password? ie. length, characters and symbols etc.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • holmny
    holmny
    Community Member

    And on top of that can a report be run to show how strong users passwords are?

  • Hey @holmny...

    Currently we do not have the ability to set requirements on a Master Password. We do have some basic requirements for our Master Password length and that it not match a list of simple known passwords, but nothing beyond that.

    A big reason for this is our Secret Key. Whenever authentication or encryption is done, it involves both the Master Password and a Secret Key. This helps us guarantee that despite the strength (or weakness) of a Master Password, it gets combined with something that we know to be strong.

    That said, a strong Master Password is still a very valuable thing, so your suggestion is a good one. I'll definitely send this request along to the rest of the team here and it may be an option in the future.

    To answer your second question, we never know anyone's Master Password, so running a report on it would not be possible. In order to do something like that, we would need to capture and store data about the Master Password during creation and I just don't ever see us doing something like that. The first route of making requirements on the Master Password seems much more feasible.

  • holmny
    holmny
    Community Member

    @brettbollman

    Good point on the second question. Kind of defeats the purpose of the service.

    The secret key option makes sense but we have do have some work to get our users into good habits. So the master password parameters option would be nice. Thanks for the feedback.

  • You bet @holmny... and I totally agree. I even have to remind my own family members to make their generated passwords longer than they are naturally inclined to make them, with the reminder that... "You don't ever have to remember this, make it as long as the site will let you."

This discussion has been closed.