Change Master Password Policy (non-business-plans)

Hi
Is there a possibility to integrate a password change policy for the master password?
Depending on the infrastructure and environment, you have to change a password in a cycle of x days. However, the master password remains unaffected and is always the same.

BR
TWI

@twi Welcome to the community!

In Enterprise plans, the administrator can set up a number of policies, but a master password expiration date is not available as a policy.

To be clear, it is generally recognized that setting an expiration date for passwords that have to be memorized (like the master password) should be avoided when possible, as it creates more problems (i.e., security vulnerabilities) than it solves. For example, this is what the US National Institute of Standards and Technology (NIST) has to say about the matter [source]:

SP 800-63B Section 5.1.1.2 paragraph 9 states:

“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”

Users tend to choose weaker memorized secrets when they know that they will have to change them in the near future. When those changes do occur, they often select a secret that is similar to their old memorized secret by applying a set of common transformations such as increasing a number in the password. This practice provides a false sense of security if any of the previous secrets has been compromised since attackers can apply these same common transformations.

Hi
For this reason, it is possible to define settings such as length and complexity for a password. This is already possible today for the master password. Thus, the user cannot weaken his password much.
But there are certain regulatory institutions that require a sporadic password change. Since the user does not do this proactively, it would be practical to be able to define this by policy.

BR
TWI

By “sporadic”, do you mean “regular”? In any case, I would recommend lobbying such regulatory institutions to update their policies to conform to modern security standards.

Hello, I would like an option that, once activated and configured, forces me to change my master password.

You could choose the time interval, for example: 1 month, 2 months, 3 months, 6 months, 9 months, 1 year, etc.

Hi! you can add a reminder to your todo list


@Azerno Welcome to the forum!

@Azerno @unkulunkulu I moved your posts into this existing feature request to the same topic.


This is likely to significantly increase your risk of locking yourself out of your vault (by forgetting your master password), and/or increase your risk of vault compromise (by giving you an incentive to use a master password that is weak or non-unique, to aid memorization).

Even if you use a strong, randomly generated, and unique master password each time, and duly update your Emergency Sheets, the practice of regularly rotating your master password typically offers negligible added protection for your vault. This is because a regularly scheduled password rotation only protects your account in case you happen to time your password change so that it falls exactly inside the time window between when an attacker steals your master password and when they use the stolen password for account take-over.

The diagram below illustrates the timing (assuming that you follow best practices of immediately changing your password on any evidence of a leak or compromise):

```mermaid
graph LR
  root[Last<br>password<br>change] -->|&Delta;T<sub>1</sub>| A(Password<br>leak<br>event)
  A -->|&Delta;T<sub>2</sub>| B[Disclosure of<br>password leak]
  B --> C[Emergency<br>password change<br>&lpar;post-disclosure&rpar;]
  A -->|&Delta;T<sub>3</sub>| D[Account<br>compromise<br>&lpar;using leaked password&rpar;]
  D --> E[Emergency<br>password change<br>&lpar;post-compromise&rpar;]
```

Basically, for a routine (regularly scheduled) password change to protect you, the account take-over attempt would need to occur before discovery/disclosure of the leak (ΔT2 > ΔT3), and your regularly scheduled password change would need to occur precisely during the time interval ΔT2.

If the attackers’ wait time from the acquisition of the password until its use (ΔT2) is Poisson-distributed with a mean time delay T, then rotating the password at an interval t will reduce the risk of a vault breach by a probability that is approximately equal to

p ≈ t / T

(approximation valid for small p only). Thus, to reduce the risk by a meaningful amount (say p < 0.01), we need to set the rotation interval to a value

t < 0.01 T

Therefore, even if the average attacker were to wait a whole year (!) after stealing your master password before they try to breach your vault, you would need to rotate your master password twice a week for this to be an effective strategy.
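As an added worked example (not part of the post above and not Bitwarden code), the following Python script plays out the timing model the post describes with constructed parameters: the theft lands at a uniformly random point within a rotation cycle of t days, and the attacker's delay before using the stolen master password is exponential with mean T days (the waiting time of a Poisson process). It reports the residual risk, that is the fraction of thefts in which the attacker logs in before the next scheduled change, from a closed form and from a Monte Carlo run, for the post's scenario of an attacker who waits a year on average. The interval list and the 200,000-trial sample size are arbitrary choices of this example.

```python
import math
import random

# Constructed model of the timing argument above:
#   - a scheduled master-password rotation happens every t days;
#   - the theft occurs at a uniformly random point within a rotation cycle;
#   - the attacker's delay from theft to use is exponential with mean T days.
# A theft is "foiled" when the next scheduled rotation lands inside the
# theft-to-use window; otherwise the attacker logs in with a still-valid password.


def residual_risk_closed_form(t: float, T: float) -> float:
    """Fraction of thefts NOT foiled by rotation (attacker uses the password
    before the next scheduled change). Obtained by averaging
    P(delay < time left in the cycle) over a uniform phase in [0, t)."""
    if t <= 0:
        return 0.0  # rotating "continuously" leaves no usable window at all
    return 1.0 - (T / t) * (1.0 - math.exp(-t / T))


def simulate_residual_risk(t: float, T: float, trials: int = 200_000, seed: int = 1) -> float:
    """Monte Carlo estimate of the same quantity, as a sanity check of the formula."""
    rng = random.Random(seed)
    used_before_rotation = 0
    for _ in range(trials):
        phase = rng.uniform(0.0, t)        # days since the last rotation at theft time
        delay = rng.expovariate(1.0 / T)   # days the attacker waits before using it
        if delay < t - phase:              # password still valid when it is used
            used_before_rotation += 1
    return used_before_rotation / trials


def rotation_table(T: float, intervals_days):
    """Residual risk per rotation interval as (t, closed_form, simulated) rows."""
    return [
        (t, residual_risk_closed_form(t, T), simulate_residual_risk(t, T))
        for t in intervals_days
    ]


if __name__ == "__main__":
    T = 365.0  # assumed mean attacker delay: the post's "waits a whole year" case
    print(f"mean attacker delay T = {T:.0f} days")
    print(f"{'rotate every (days)':>20} {'residual risk':>14} {'simulated':>10}")
    for t, exact, sim in rotation_table(T, [3.65, 30, 90, 365, 3650]):
        print(f"{t:>20.2f} {exact:>14.4f} {sim:>10.4f}")
```

Under these assumptions the residual risk grows roughly linearly in t/T while t is much smaller than T, and approaches 1 once rotation is rarer than the attacker's typical delay. In the one-year scenario, rotating every 3.65 days (about twice a week) leaves roughly 0.5% of thefts usable, monthly rotation about 4%, and yearly rotation about 37%, which is the numerical content behind the post's conclusion that routine rotation only pays off at intervals far shorter than anyone would tolerate for a memorized secret.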