Forum Discussion

marcoseloso's avatar
marcoseloso
New Contributor
3 days ago

Password expirations

I would like to know if it is possible to do the following on 1password business:

Force users to periodically change their 1password account key.

The other thing is to force or have a report of the elements of the users to know how old or when they changed their passwords from other logins or configured MFA to know if they are complying with the policies .

 

Any idea? 

Thank you! 

1password.com
best practices
feature request
policies

1 Reply

  • Tom's avatar
    Tom
    Bronze Expert
    3 days ago

    Hi marcoseloso​ - welcome to the community.

    Can you elude to what you are trying to achieve by rotating account keys (presumably meaning the secret keys)? If you are worried about people losing or using them the wrong way you might want to consider adding OAuth2/SSO instead of password + secret key enrolment.

    I'm not aware of any details (other than business watchtower in general) to report on ancient or problematic passwords for their "Employee" vaults, the main idea being that is where they keep there 'personal, but business need' passwords (i.e. not their family or personal social accounts).

    You are eluding to policies, so maybe share what the policy is you see issues with. The main reason behind the name of 1Password was precisely that ... have 1 strong but memorable Password to access them all. While more passwords managers feature that, 1Password has the unique addition of the secret key to 'up the hash&salt of the algorithm'.