+1 for wanting the feature.
Hello i would love to have an overview how old my passwords are as well. I have an app that i use since a long time and just logged in direclty trough their website the account settings informed me that my password was last changed 720 days ago. I was shocked and immediately changed it. This will help many people to update their passwords in a more regular basis and can help safeguarding against data breaches. Please implement this. Thanks
1 Like
Would be very useful to know when my passwords have gotten a bit stale… +1
I would like this feature too, this is what i was thinking on this:
rather than relying on each specific webpage’s password expiration policy to trigger, i could rely on a bitwarden timer to let me know when i havent changed my password say in 90 days or so, so that i can know to rotate my password more frequently.
Maybe there could be an internal timer or something similar generated at the same time a new password is generated and saved for a bitwarden account in the bitwarden app/addon. This would be easier to manage and quicker to implement in a simplified manner.
I’m trying to convince my employer to switch to Bitwarden, but this is a critical feature and they won’t consider Bitwarden without it.
1 Like
That’s almost ironic, @mrratface! The greatest benefit of using a password manager is that it makes it effortless to create long, random/unique passwords that are so secure, they never go stale, and hence the password age is irrelevant! I wonder if your employer’s IT staff understand this…
2 Likes
You can also let your employer know that we offer Vault Health Reports, which include the ability to scan for exposed, reused and weak passwords.
1 Like
Just to chime in, current guidance from both NIST and the NCSC is not to enforce regular changing of passwords. Only change if there’s a suspicion of compromise.
1 Like
The motto of the system admin: Wasn’t my call, I’m just making it work. If it were a perfect world, the IT staff would always get to pick the cheapest and best solution. Banks and carriers would have the best online security. But it’s not a perfect world.
Another possibility is that another software/identity provider of that company’s forces password changes and instead of fighting to remove that (impossible), they thought it’d be simpler to have Bitwarden offer it. (Look, users will be forced to change before they get locked out!). Or any replacement manager must tick all the feature boxes of the last one. Who knows why management wants what it does?
But yeah, there’s no ACTUAL need for regular changes like we used to be told.
1 Like
There seems to be differing opinions about rotating or changing your passwords. I say different strokes for different folks. The simple fact of the matter remains that having a report that lists your passwords by age or some way to filter for passwords older than 6 or 12 months, that would have value to some of us. I came here to also ask for this report. It would be very useful to me. That is the beauty of having a password vault is the ability to easily manage passwords and just because one person thinks its stupid doesn’t mean someone else doesn’t find value in it.
In the wake of the LastPass breach, having this report would make it easier for me to change all (hundreds) my passwords over time, as this report sorted by date will essentially provide a TODO list for changing the passwords.
5 Likes
We have had two people leave our organization and are required to change any passwords they had access to which is a significant number. Although most have been changed, we are looking for the password aging report so we can catch any passwords whose last change occurred before they left so we can address.
1 Like
Hey @Raphael_Smith you can also look at the event logs per individual user from the web vault, or export for use with other tools via the CLI.
Correct, but regardless of NIST recommendations many users like to rotate passwords. Every 90 days is insane but if I have some 6 year old passwords out there I’d like to know about them so I can rotate them. More than likely they are “complex” but far too short by modern standards. Before the weak password report is suggested - will a 10 character random password be able to be identified in that report? Because I would want to replace it with a 20+ character one.
Another use case:
I know what day I stopped using LastPass. I need to change all passwords created/saved prior to that date but I have no way to identify what passwords meet that criteria.
1 Like
Thanks all, the team is reviewing this feedback 
3 Likes
I would also like this feature for many of the reasons above.
Both because we migrated from Lastpass and I want a report to show any passwords I missed and if a password is several years old it should be rotated regardless just to be safe.
Even just being able to sort my vault list by password age would be great! I could start with the oldest to prioritize deciding if I want to change any.
1 Like
I also checked exporting the vault via csv and json and the data isn’t shown there either unfortunately. Given the lastpass breach this would be a very useful feature.
I’d love to have this report. Even an option to sort my vault by password updated date would be do the trick.
I hadn’t deleted my LastPass account since migrating to BW and while I’ve prioritized password changes for financial accounts since the recent breach(es), a report be great so that I can quickly identify passwords not updated since Lastpass gave away my vault.
I just looked for this feature in reports page, and as I not found it, I was wondering if this feature was in duscussion.
So I found this topic.
I may use this feature to check my oldest password and where they are used. If it is a critical credential, I may want to change the password, in case this has leaked, or keeping a fresh password, different from probable backups…