This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Feature Request: Password Expirations

Just the other day I thought of a feature that would be great to have in 1Password...the ability to set expiration dates/times for a password.



I have provided two use-cases where this feature would be extremely relevant.



First, having the ability for 1Password to in-effect remind you to change your password at a set interval would help to increase security and reduce vulnerability. For example, it might be wise to change your password for a banking website every 90 days as a precaution. With this feature, 1Password would remind you to do so. (Part of this feature may already be in 1Password...the program does track the password change dates/times).



Second, I have an education email account that has passwords set to expire after 180 days. The only way I have to remember this is to either put this as an event in iCal or just wait until I can't login anymore and realize that's what the issue is. If I were to enter the expiration interval for this email log-in in 1Password, the program would alert me when it is time to create a new password.



Please provide feedback as I'd like to see if others could benefit from this type of feature. If enough people respond to this post, maybe the feature could become reality in a future release.



Thanks!

-Greg

Comments

  • benfdc
    benfdc Perspective Giving Member
    Unless 1P could actually automate the password changes, how would putting an independent reminder system into 1P represent an improvement over the system you are already using for all other reminders?



    One thing you could do right now would be to create a tag or folder for passwords that expire (or that you want to change) every 90 days, another for your 180-day passwords, etc. Check these lists from time to time, sorting by Date Modified, and you'll easily be able to keep track of where you stand.



    FYI, Jeff has written more than once about the question whether changing passwords on a regular basis improves security or degrades it. The two-word answer is "it depends." He gave me a brief schooling on the subject [url="http://forum.agilebits.com/index.php?/topic/2284-key-hygiene-practices-on-all-platforms/page__view__findpost__p__23531"]here[/url].



    Hope this helps.



    —Ben F
  • My original intentions for the post were just to remind users about logins that require password changes. I completely agree with the article you linked to that Jeff wrote. Changing passwords does not inherently increase security. The problem is that for some of the logins I have saved in 1Password, I am forced to accept these required changes. For example, my college required password changes for their email and classroom collaboration systems every 120 days.



    I agree in that implementing an independent reminder system in 1Password may be overkill for what I'd like to do. There is another solution I have thought of per your suggestion. Currently I have added "Expiring" as a tag to all of the logins that require password changes. What I think would be beneficial to many would be to add more parameters for "Modified" smart folder search criteria. Currently, 1Password only allows you to enter specific dates. For example, "in the last", "not in the last", "in the range" would help greatly. You could then set a subsequent field in that criteria to minutes/hours/days.



    That way, I could set the smart folder(s) to include everything with the tag "Expiring" and a range of dates. Such as, "not modified in the last 120 days". Essentially, that smart folder would find all logins tagged as "Expiring" and with a modified date greater than 120 days ago. Thus, providing me with a list of passwords that I need to change.



    Please let me know your thoughts or suggestions that you may have! Thanks!!!



    Best,

    Greg
  • khad
    khad Social Choreographer
    Greg, I think you have a nearly ideal solution. Your suggestion has come up before, and I have no doubt that [b]relative dates[/b] in Smart Folder search criteria would be a real boon. You can be sure that I am advocating on your behalf for this.
  • benfdc
    benfdc Perspective Giving Member
    [quote name='gglasson' timestamp='1327685381' post='57779']

    Currently I have added "Expiring" as a tag to all of the logins that require password changes. What I think would be beneficial to many would be to add more parameters for "Modified" smart folder search criteria. Currently, 1Password only allows you to enter specific dates. For example, "in the last", "not in the last", "in the range" would help greatly. You could then set a subsequent field in that criteria to minutes/hours/days.

    [/quote]



    If you have passwords that expire on different cycles (monthly, quarterly, bi-annually … ), it still seems to me that you really need separate tags or folders for each group. When 1Password gains support for searches on ages you will be able to set up smart folders like "Tag Is Expires6 + Modified NotInTheLast 165 days" that will contain only passwords requiring attention, but for now sorting each tagged list by modification date and reviewing them periodically will get the job done.



    Ben F