New Enterprise Security Settings - Master Password Enforcement

Hello,

I'm extremely excited about the new features that were recently added to the platform for security. Among those added was the ability to enforce stronger master passwords as described here: https://support.1password.com/master-password-policy/.

I would like to enforce these new standards ASAP; however, I need to know the user impact this will have. The article I linked says this:

Your Master Password policy applies to new team members when they set up their account and to existing team members when they update their Master Password.

To me, this sounds like it will not force existing users to update their master passwords until they choose to (or unless I start a recovery for them, etc)

I just wanted to confirm that my understanding is correct before I blow up over 100 enterprise users that use the product, thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • JasperJasper

    Team Member

    Hi @pendletond,

    That is correct, the policy will only apply to existing users when they choose to change their Master Password or you put them through recovery.

  • @Jasper, that is great to hear, thank you.

  • BenBen AWS Team

    Team Member

    On behalf of Jasper you are most welcome. :)

    Ben

  • While this is exactly the answer I was hoping for to the "will I blow up my existing users?" question, is there a way of seeing who has met the stronger master password policy? I'd like to encourage everyone in my organization to follow https://support.1password.com/strong-master-password/ and make a good, strong master password. While I can enforce that for new users, I'd love to know who I need to prod to make a better master password.

  • brentybrenty

    Team Member

    @chipdorsata: We can't know the length of users' Master Passwords, so you can't either. It is only possible to infer that a user has a Master Password of the minimum length or greater if they changed it after the policy was in place, as it would have been enforced when they set it.

This discussion has been closed.