Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Feature Request: Time-locked access to passwords
I just watched a YouTube video about how to form effective habits, and one of the examples that the speaker gave from his personal life made a big impression on me, and it's something that I think 1password could make available as a feature.
The speaker has his assistant reset all of his social media passwords Monday mornings, and then give the passwords to him on Friday after work. (I suspect the assistant is emailing him the passwords, which is obviously a security risk, but that's not the point of my feature request.)
I think 1password could offer similar (but superior) functionality without the need to change the passwords. The first step would be to have 1password generate a random password that the user doesn't know, which it can already do. Then the new functionality would be that the user could specify (on an individual credential basis) rules for when 1password will actually supply the password to the user (both via auto-fill and copy & paste).
The rules would just be similar to the rules that calendar programs use for setting periodic reminders. So I could set up 1password to provide my social media account passwords on weekdays between 8PM and 10Pm, and all day on weekends; or only on weekends; or every day from noon to 1pm and after 7PM; etc.
Obviously there would need to be a way to override this and get access to the passwords if they're absolutely needed; off the top of my head, I think an email verification link might work well. My reasoning for suggesting a verification link is that I think basic human psychology considers a method that makes other people aware that we're "cheating" to be a more serious step than a method that's purely private, even if we're rationally aware that it's just an automated service that's aware of our behavior.
I think there is some probability >0 that this feature could "go viral". I can imagine a wide range of educators and motivational speakers and cultural pundits lauding it as a partial answer for all the people who bemoan the amount of time they spend on social media, but don't seem to have the willpower to cut back. I could even imagine it being popular enough that people start putting the hours that they have access to their social media in their profiles.
2 Replies
This timed access is a great idea for a very practical access control, i.e. for systems which should only ever be accessed within specific times such as business or operational hours.
Ideally these systems would be completely inaccessible, for which there do exist some solutions for certain cases, but limiting access to identification and authentication would substantially limit inappropriate access by otherwise legitimate users.
As for how to implement this on the clients, that's an engineering problem. 😆
