Forum Discussion
dmlee
2 years ago
New Contributor
How can I see how long it's been since the password was last changed?
I'd like to change passwords every couple of years. It would be helpful if 1Password told me how long it's been since the last change.
1Password Version: 8.10.40
Extension Version: Not Provided
OS Version: Sonoma 14.4.1
Browser: Safari
3 Replies
- 1P_Dave
Moderator
Thanks for the question! You can see NIST's recommendation on the topic here. Specifically:
“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”
You can also find our blog on the topic here: Do You Really Need to Change Your Password Every 90 Days?
-Dave
- dmlee
New Contributor
I see recommendations to organizations to not force users to change passwords periodically, as this tends to lead users to weaker patterns. However, periodic password changes are still recommended, assuming the user takes it upon themselves to use strong passwords. If you see otherwise, could you kindly point me to those sources?
- 1P_Dave
Moderator
Hello dmlee! 👋
Thanks for the question! Can you tell me a little more about why you change your password every few years? 1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Instead we recommend that you change your passwords if one of the following conditions is met:
- The password for a website/account is not a secure and unique password generated by 1Password.
- 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find passwords you need to change
Regular password changes for no other reason than that an amount of time has passed are no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
-Dave