This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Suggestion: Password update reminders!

<div class="IPBDescription">Ability to set intervals to change passwords</div>I would love it if 1Password could remind me to change passwords after a set amount of time, if I haven't updated them within that time frame.



This is definitely one of my weaknesses! I'm not sure if the structures in place would even allow this. And what would be the security implications, if any, of having 1Password keep track of this?

Comments

  • [quote name='brenty (toromei)' timestamp='1293048980' post='17988']

    I would love it if 1Password could remind me to change passwords after a set amount of time, if I haven't updated them within that time frame.



    This is definitely one of my weaknesses! I'm not sure if the structures in place would even allow this. And what would be the security implications, if any, of having 1Password keep track of this?

    [/quote]



    That's an interesting question, I'm not sure I could see the security implications of such a system, providing it doesn't pop-up a huge 24point message 'Hey, your 'changeme123' password for your 'Bank' login is about to expire' notice you should be OK, though I suppose any alerts to unchanged passwords might be an issue, I'll leave that one for Jeff, our resident security guru, to tackle.



    The idea of reminders has come up a lot, and there's a lot of ways we could implement this and it's definitely on our radar for a potential improvement, maybe even with some form of iCal integration?
  • thightower
    thightower &quot;T-Dog&quot; Agile&#39;s Mascot Community Moderator
    edited December 2010
    For now maybe you can try this



    [list=1][*]Make a tag for 3 months, 6 months, 1 year or what ever.[*]add all passwords to be changed to this tag[*]Open Ical, create a reminder, and name it 1P3month etc, set date in future based upon time frame, use reoccurring event if you desire.[*]When times up open 1P sort by tag and proceed to change those passwords.[/list]This has been about the easiest for me.
  • [quote name='thightower' timestamp='1293064022' post='17997']

    For now maybe you can try this



    [list=1][*]Make a tag for 3 months, 6 months, 1 year or what ever.[*]add all passwords to be changed to this tag[*]Open Ical, create a reminder, and name it 1P3month etc, set date in future based upon time frame, use reoccurring event if you desire.[*]When times up open 1P sort by tag and proceed to change those passwords.[/list]This has been about the easiest for me.

    [/quote]



    Wow. You always come up with the most inventive solutions, TH!



    My problem is that I am a fantastic procrastinator, so I'm not sure this would work for me. I am mostly interested in a reminder for those that slip between the cracks, and that I have forgotten about entirely. Maybe if i modify your method so that I move them to a new folder once I have updated them, and repeat this process every few months. Hmm... <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/mellow.gif' class='bbc_emoticon' alt=':mellow:' />
  • khad
    khad Social Choreographer
    edited December 2010
    You may recall a previous post of mine in the Lounge which I think is appropriate to bring up once more:



    [quote name='khad' timestamp='1284255098' post='10902']

    In "[url="http://www.pcmag.com/article2/0,2817,2362692,00.asp"]Changing Passwords Isn't Worth the Effort[/url]" by Neil J. Rubenking, he reviews a study by Microsoft researcher Cormac Herley that asserts, roughly, that by the time you have changed your password, a hacker has already used it. Additionally, unnecessary security advice "treats as free a resource that is actually worth $2.6 billion an hour."[/quote]

    Consider that once a [b]strong[/b] password is chosen, unless it has somehow leaked out — e.g., you told someone, someone got to your computer while 1Password was unlocked, etc. — it is just as strong on day one as it is on day 1,825. (That's five years if you're counting.) <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    One important caveat is that the password needs to be a strong, unique one. I want to make sure to stress that. If you are still using "starwars" or "12345678" for your password, you don't need a future [i]reminder[/i] to change it, you need to stop reading this now and change it immediately! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Obviously, there are some companies/websites that require a password change with a certain frequency, but they usually have their own method of reminding you when you attempt to log in.



    Just a thought.
  • I agree with Khad - as strong password is just that. However, some sites limit the length and/or chars for passwords and therefore you may be forced to use a password that's not as strong as you wish. But rather than a reminder I would prefer if I could create a smart folder for records where the password is less than "excellent" and the password was last modified x months ago. All you need to do is expose the password strength and password age as filter criteria for smart folders. That way, you can keep an eye on the passwords for this less safe sites and don't get reminded about all the other passwords where the password is strong enough.



    Cheers and a Happy New Year

    Michael
  • khad
    khad Social Choreographer
    Michael,



    It is certainly unfortunate when sites — for no good reason at all — limit the strength of the password you may use. I would love to see some Smart Folder search criteria for password strength and [i]relative[/i] created/modified date. (Currently, 1Password only supports "absolute" dates in Smart Folder search criteria.) I will see what we can do about this in a future release. In the meantime, consider sorting your logins by password strength (View > Layout > Traditional with View > Columns > Password Strength enabled).



    I hope that helps a bit.
  • dbooster
    dbooster Junior Member
    A feature request:



    Once a month or so, 1password changes the password for me at every site. If this is unrealistic, how about a counter for every site that begins when you add the site to 1password. Then after a month or so, the next time you visit that site 1password can prompt with a message like "It's been x days since you last changed this password. It's good practice to change site passwords every month. You might consider doing so."



    Hows that sound?
  • Password change/update reminders have been suggested/discussed in other topics, e.g. [url=http://forum.agile.ws/index.php?/topic/3103-suggestion-password-update-reminders/]here[/url].
  • khad
    khad Social Choreographer
    Thanks for the input, dbooster. I have merged your post with the appropriate thread. Please see above and let me know if you have any further questions or comments. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />