Old Passwords Report

It would be great if I could check the list of old passwords so I can periodically update them.

The ability to sort the vault by last password change time is also acceptable.

(This is a supported feature in LastPass).

Is there any reason you would want to update them periodically? This is against current NCSC and NIST guidance.

I would advise checking for leaked/breached passwords on a regular basis and changing those.

The guidance probably did not account for two things:

  1. there are too many incompetent companies that may be leaking user data without knowing, or (rare, but I’m certain it is happening) choose not to disclose data leaks
  2. the guideline is for corporate password change, where employees are likely not allowed to use a password manager, so they have to use passwords that are memorable (read: easier to guess). Enforcing a periodic password change policy means the employees will likely just modify the prefix/suffix of a memorable password to be compliant.

Or if we put it the other way: what’s the downside of allowing Bitwarden users to change their password every month as long as they use a long, randomly generated password?

There’s no downside to doing this in conjunction with a password manager, I just think it’s unnecessary. I personally wouldn’t use it but I’m all for new features that others will find useful.