Add report for "Password Age"

I like to change may passwords often. I feel it would be useful to have a “Password Age Report” in the Vault Health Reports for Premium Users.

Bitwarden already tracks the last time a password was updated so I would assume it wouldn’t be to difficult to create a report that show the service name and the password age in days.

This would make it much easier to recognize passwords that are very old and should be changed.

Out of interest, why do you change your passwords?

Companies I’ve worked for have always enforced a “90 day rule” regarding passwords used for business purposes. Having an age report would make it easier to identify passwords that need to be changed.

Also I feel that regularly changing my passwords is an extra security measure, if a password to a service I do not use often was compromised the attacker could have access to that service until I changed the password. By changing the password frequently I feel it limits the time an attacker could continue to access a compromised account.

These are just my thoughts, no facts.

This is similar to “Password expiration date” and a few other duplicate topics. However, those suggest a more persistent reminder rather than an on-demand report. A report tool seems pretty useful too!

Hello i would love to have an overview how old my passwords are as well. I have an app that i use since a long time and just logged in direclty trough their website the account settings informed me that my password was last changed 720 days ago. I was shocked and immediately changed it. This will help many people to update their passwords in a more regular basis and can help safeguarding against data breaches. Please implement this. Thanks

I’m trying to convince my employer to switch to Bitwarden, but this is a critical feature and they won’t consider Bitwarden without it.

That’s almost ironic, @mrratface! The greatest benefit of using a password manager is that it makes it effortless to create long, random/unique passwords that are so secure, they never go stale, and hence the password age is irrelevant! I wonder if your employer’s IT staff understand this…

1 Like

You can also let your employer know that we offer Vault Health Reports, which include the ability to scan for exposed, reused and weak passwords.

1 Like

Just to chime in, current guidance from both NIST and the NCSC is not to enforce regular changing of passwords. Only change if there’s a suspicion of compromise.

The motto of the system admin: Wasn’t my call, I’m just making it work. If it were a perfect world, the IT staff would always get to pick the cheapest and best solution. Banks and carriers would have the best online security. But it’s not a perfect world.

Another possibility is that another software/identity provider of that company’s forces password changes and instead of fighting to remove that (impossible), they thought it’d be simpler to have Bitwarden offer it. (Look, users will be forced to change before they get locked out!). Or any replacement manager must tick all the feature boxes of the last one. Who knows why management wants what it does?

But yeah, there’s no ACTUAL need for regular changes like we used to be told.

There seems to be differing opinions about rotating or changing your passwords. I say different strokes for different folks. The simple fact of the matter remains that having a report that lists your passwords by age or some way to filter for passwords older than 6 or 12 months, that would have value to some of us. I came here to also ask for this report. It would be very useful to me. That is the beauty of having a password vault is the ability to easily manage passwords and just because one person thinks its stupid doesn’t mean someone else doesn’t find value in it.