Feature Request: Password Age and Expiry

Hibernian

I'd like to see a field to show the length of time since a password was created / last changed, as well as a way to set in preferences a threshold age upon which the app visably flags passwords older than that age.



This would allow users to regularly change passwords on accounts to keep them more secure.

khad

Welcome to the forums, Hibernian! Thanks for the feedback. I'll pass your request along to the developers. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



If we can be of further assistance in the meantime, please let us know. We are always here to help!

tatchley

I second this. 1P makes it easy to make and forget your passwords, while you should remember them just enough so you change them every now and then.

khad

Thanks for the vote! I don't think a feature request thread is the place to discuss it at length, but we've talked elsewhere about why changing your passwords regularly is a bit of a security myth. Regardless of how many times you have changed your password on a particular service in the past weeks or months, an attacker will always get your [i]current[/i] password. It's a bit more nuanced than that, and I believe we plan to discuss this more in depth in a future blog post as the topic is more complicated than that. However, I'll certainly pass your vote for this along to the developers. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />

tatchley

[quote name='khad' timestamp='1353971715' post='64046']

Thanks for the vote! I don't think a feature request thread is the place to discuss it at length, but we've talked elsewhere about why changing your passwords regularly is a bit of a security myth. Regardless of how many times you have changed your password on a particular service in the past weeks or months, an attacker will always get your [i]current[/i] password. It's a bit more nuanced than that, and I believe we plan to discuss this more in depth in a future blog post as the topic is more complicated than that. However, I'll certainly pass your vote for this along to the developers. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />

[/quote]



While it is true than an attacker will not care what your previous password was, the companies whose services you use do, to an extent. Some of them, like Dropbox, require you to change your password after [i]x [/i]amount of time.



Also, If there is a possibility someone has seen my typing in a password (one of the few that is not random), I am likely to change those more frequently. It might be paranoid, but I always have a suspicion that they will focus on my key strokes and deduce what it is.

khad

[quote]Some of them, like Dropbox, require you to change your password after x amount of time.[/quote]

You are absolutely correct. Some services require you to change your password with some regularity. I haven't found one yet, however, that won't prompt you to change your password. I've passed your vote along to the developers for this, but personally I hate notifications for anything except what i absolutely have to act on immediately. Alerts, bells, and whistles reminding me to change my passwords unnecessarily (i.e. sooner than a service [i]forces[/i] me to) would drive me up the wall. I'm sure if it ever gets implemented it will be optional. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/laugh.png' class='bbc_emoticon' alt=':lol:' />



[quote]Also, If there is a possibility someone has seen my typing in a password (one of the few that is not random), I am likely to change those more frequently. It might be paranoid, but I always have a suspicion that they will focus on my key strokes and deduce what it is.[/quote]You lead a much more exciting life than I do. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />