Implement Password Expiry Notifications

Question

Implement Password Expiry Notifications

Closed this issue in 5 hours · 3 comments

Is your feature request related to a problem? Please describe.

Currently, the application allows users to store and manage passwords, but there is no mechanism in place to notify users when their passwords become outdated or are due for rotation. This could result in users keeping the same passwords for too long, which might increase security risks.

Describe the solution you'd like
I would like to implement a Password Expiry Notification feature. This feature will notify users when their saved passwords are approaching the expiry date (e.g., 90 days from the last update) or have expired. The notification system could work as follows:

Introduce createdAt and updatedAt timestamps for each password entry.
Set a default password expiration duration (e.g., 90 days).
Use a scheduled task (cron job) to check daily for passwords nearing expiration.
Notify users via email or in-app notifications when their passwords are about to expire or have expired.

Describe alternatives you've considered
Alternatively, instead of fixed expiration times, a customizable expiration period could be introduced, allowing users to set their own expiry dates for different accounts based on their preferences.

Additional context
This feature would enhance the overall security of the password manager by encouraging users to rotate their passwords regularly. Here's an example of a possible notification message: "Your password for [website] is about to expire in 5 days. Please update it for continued security."

kindly assign this to me

Answer 1 · 2024-10-08T22:01:27.000Z

👋 Thank you for raising an issue! We appreciate your effort in helping us improve. Our team will review it shortly. Stay tuned!

Answer 2 · 2024-10-09T12:03:28.000Z

Hi @refa8, the idea is wonderful. But i feel that its completely unnecessary to ask users to change their password, instead you can create some security enhancements can be implemented to ensure there are no potential security risks.

What say you? @jinx-vi-0

Answer 3 · 2024-10-10T08:16:42.000Z

Hi @refa8, the idea is wonderful. But i feel that its completely unnecessary to ask users to change their password, instead you can create some security enhancements can be implemented to ensure there are no potential security risks.

What say you? @jinx-vi-0

Exactly, there is no need for that. If there are hundreds of passwords, it will be a cumbersome process to update all of them over a period of time.