I think it would be great to have an option to enable infinite password history, whether that is for the entire account or even just for specific item entries.
Reasoning for this is that many places with strict security use password history as a way to recover an account (or in some instances just verify identity), but using good security practices by having entirely randomized passwords makes this basically impossible.
Runescape is one great example, often requiring a previous passwords history, sometimes dating back to the beginning of the account (and often times wanting a list of all passwords you have).
Here’s an example:
Think of someone working in a financial position. Security policies require regular password changes for a financial application or database every 30 days. Legal requirements exist to have the financial data backed up and kept for 7 years. A request comes to restore the financial data for an audit from 6 years, 3 months ago. That person would need to know at least the previous (12*6+3) 75 password changes in order to log back into that restored environment.
I’m not the financial person in the example above but I do have a requirement to track all previously used passwords in the event that a system is restored from a backup for any reason and from any date. Bitwarden currently does not work for me with the current limitation of only tracking the last 5 password changes.
Legal requirements exist to have the financial data backed up and kept for 7 years. A request comes to restore the financial data for an audit from 6 years, 3 months ago. That person would need to know at least the previous (12*6+3) 75 password changes in order to log back into that restored environment.
Wouldn’t they restore all data except for the Login table in that scenario? Then you can login to the restored environment with the current password. I’d find it weird that a system would be designed requiring knowledge of 75 historical passwords.
Yeah I’m in agreement here I think. Still it would be nice to have infinite history in the odd situations that it’s needed, such as the aforementioned Runescape account recover type stuff. I mean sure we can just copy and paste the old passwords into the notes section but having it automated would be nicer.
If the audit request is to audit access / permissions to the system, the authentication platform needs to be restored as well.
Typically, restoring old systems for audit purposes, to get old records, to test restoring the entire infrastructure for disaster recovery purposes, etc. are done on isolated networks and intentionally kept away from the live production systems. That means the authentication system (in my case Active Directory) needs to be restored as well.
Another reference to the unlimited password history would be to compare it to the time machine feature present on Apple’s mac computers, where you have a full backup and can come back if there is a problem: Back up your Mac with Time Machine - Apple Support
The cool thing about this is having a copy of everything that was done. This is useful to help prevent password loss. For example, passwords accidentally deleted or by physical(server) or human error. In addition to ensuring the integrity of users’ passwords.
Some initial conclusions from reading all these links and posts
I think all these matters somehow involve an unlimited history of passwords, items, email, notes.
I think it’s seriously important to merge it all into this as a smart history feature. Some believed that unlimited password history is a good feature, but it would have other additional features like changed email history, changed username history, and changed note history.
How these fields are created at vault time. All these features are complementary in my view and essential.
But since the post is about the unlimited password history feature, consider the links or ideas that talk about it.
idea
In order to have an unlimited, reliable and secure password history, it would be necessary to offer the user the following options:
Option to clear password history in full or in part. That way, the user can select to remove all the passwords from the history or just the one that he wants to remove manually.
Option where you can set the amount of passwords to be displayed in the password history. If you think of the password as just a field to be used, filled in, these features I mentioned are the most essential.
I don’t know if these features have been implemented, but for the most part they are interesting and as I said they are good, essential.
Interesting cases:
Audit: Know the changed passwords. From the first to the last modification.
“Reasoning for this is that many places with strict security use password history as a way to recover an account (or in some instances just verify identity), but using good security practices by having entirely randomized passwords makes this basically impossible. Runescape is one great example, often requiring a previous passwords history, sometimes dating back to the beginning of the account (and often times wanting a list of all passwords you have).”
Backup: With unlimited password history, we have a complete backup of everything we’ve done or changed, so it’s easy to go back to the newest or oldest version of the password, whether for auditing or security purposes.
Another reference to the unlimited password history would be to compare it to the time machine feature present on Apple’s mac computers, where you have a full backup and can come back if there is a problem. 1. The cool thing about this is having a copy of everything that was done. This is useful to help prevent password loss. For example, passwords accidentally deleted or by physical(server) or human error. In addition to ensuring the integrity of users’ passwords.
This feature is present in Evernote, where you have a history of what was changed in the note. If it’s something interesting and feasible, password history is also possible. It would be close to the Evernote feature that has a complete history of notes, but instead of notes, passwords. As far as this is possible, it may have additional features such as field history or notes.
We will have the option to define the passwords that will be displayed, as well as the possibility to manually delete the password history or select everything to be removed. Our user freedom would be guarded.
I’m not here to criticize anyone, I want everyone to gather ideas so that everything is interesting and within possibilities something good, viable and incredible. That way, we will always have something good and satisfying for everyone.
note
If the user wants to manually delete password history or make a full selection to remove all password history, he needs a confirmation screen to perform this action
This is a great summary here, totally agree with you and thanks for writing this all up!
I also think deleting password history would be critical in this case, especially for organizations that might not want previous passwords to be viewable to people in which the passwords are shared with.