Forum Discussion
ScarySulley
Occasional Contributor
2 months ago
Watchtower and password ages
Hello, Watchtower is informing me of accounts that have 2FA available but not enabled. How does 1Password check to see if you have 2FA enabled on an account? I had an account and enabled 2FA and tha...
1P_Dave
Moderator
2 months ago
Thanks for the reply. If you didn't save a one-time password for a certain website in 1Password, and you used a different 2FA authenticator app instead, then 1Password has no way of knowing that you've enabled 2FA for a website.
That being said, 1Password's Watchtower feature does know if a certain website offers 2FA since it uses the following website as a source of knowledge: 2fa.directory
It's a convenient way to know how old a password is and whether or not it's due for a password change.
1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
Instead we recommend that you change your passwords if one of the following conditions is met:
- The password for a website/account is not a secure and unique password generated by 1Password.
- 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find account details you need to change
-Dave
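The checks described in the reply above, as an added Python sketch (not 1Password's code and not part of the original post). The directory set, breach set, vault items and the names `offers_2fa` and `audit` are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for 2fa.directory data: domains known to offer 2FA.
TWO_FA_DOMAINS = {"example-bank.test", "example-mail.test"}
# Constructed stand-in for a breach corpus (SHA-256 digests of exposed passwords).
BREACHED_DIGESTS = {hashlib.sha256(b"Summer2019!").hexdigest()}

# Constructed vault items; "otp" is a one-time-password secret saved in the item.
VAULT = [
    # 2FA is enabled on this site, but in a separate authenticator app.
    {"title": "Bank", "host": "login.example-bank.test",
     "password": "c7$Lw2!pQz9f", "otp": None, "age_days": 900},
    {"title": "Mail", "host": "example-mail.test",
     "password": "Summer2019!", "otp": "JBSWY3DPEHPK3PXP", "age_days": 30},
    {"title": "Forum", "host": "forum.example.test",
     "password": "Summer2019!", "otp": None, "age_days": 30},
    {"title": "Notes", "host": "notes.example.test",
     "password": "tR4&mVx8@hJ2", "otp": None, "age_days": 2000},
]

def offers_2fa(host):
    """True if the host or one of its parent domains is in the directory set."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in TWO_FA_DOMAINS
               for i in range(len(labels) - 1))

def audit(vault):
    """Map each item title to its flags. Password age is deliberately ignored."""
    uses = defaultdict(int)
    for item in vault:
        uses[item["password"]] += 1
    findings = {}
    for item in vault:
        flags = []
        # Only the vault is visible: no saved OTP means "available, not enabled".
        if offers_2fa(item["host"]) and not item["otp"]:
            flags.append("2fa-available")
        if uses[item["password"]] > 1:
            flags.append("reused")
        if hashlib.sha256(item["password"].encode()).hexdigest() in BREACHED_DIGESTS:
            flags.append("breached")
        findings[item["title"]] = flags
    return findings

if __name__ == "__main__":
    for title, flags in audit(VAULT).items():
        print(f"{title}: {', '.join(flags) or 'no action needed'}")
```

The Bank item is flagged `2fa-available` even though 2FA is on, which is the situation in the original question. The 2000-day-old Notes password gets no flag because age alone is not a trigger.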
ScarySulley
Occasional Contributor
2 months ago
Thanks for clarifying 1P_Dave.
1P_Dave wrote: Thanks for the reply. If you didn't save a one-time password for a certain website in 1Password, and you used a different 2FA authenticator app instead, then 1Password has no way of knowing that you've enabled 2FA for a website.
That being said, 1Password's Watchtower feature does know if a certain website offers 2FA since it uses the following website as a source of knowledge: 2fa.directory
This helps in understanding how Watchtower works.
1P_Dave wrote: 1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
Instead we recommend that you change your passwords if one of the following conditions is met:
- The password for a website/account is not a secure and unique password generated by 1Password.
- 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find account details you need to change
In regards to the bold text.
If there is a data breach, it might be some time after the data breach is actually reported and Watchtower alerts us. I think it's good practice to change passwords, especially for important websites (such as banks) every so often, just in case, IMO. Of course, having 2FA enabled on important websites can help mitigate that threat of a data breach.
Thank you again for the clarifications!
1P_Dave
Moderator
2 months ago
Thank you for the discussion! Let me know if you have any other questions in the future.
-Dave