Password Expiry
Since version 4.5.0, Passbolt Pro Edition supports the configuration of Password Expiry.
How does it work?
This feature allows administrators to set automatic expiry policies for passwords. This ensures that passwords are regularly rotated, improving security by mitigating risks when users lose access to resources. Additionally, the Pro edition offers advanced settings for customizing password expiry policies. Users can manually mark passwords as expired and adjust expiry dates, giving teams flexibility and control over their password management practices.
Expiry Policies
Default password expiry period
The default password expiry period is set to 90 days, it is possible for the administrators to extend or reduce this scope. This means that when user will create a resource, the default expiry date will be set to the defined days.
Policy Override
This option is not enabled by default, this will allow the users to override the default policy which means that they will be able to override the defined expiry date.
Automation workflows
Automatic Expiry
This option will automatically mark as expired the passwords when a user or a group who has accessed the password is removed from the permission list. This option will also trigger an email and notify the resource owner if the email notification is enabled in Administration > Email Notifications
Automatic Update
With this option, when a password is updated it will automatically renew the expiry date based on hte default password expiry period.