There are couple of other options you may try to solve the problem:
You can switch on option for user authentification by operating system. As such 1c will be using passwords of operating system, and no specific treatment for 1c passwords will be required;
By making small modifications to your configurations you can set up a separate login service with some additional functionality. Including periodicly required password changes, check for complexity, blocking after number of unsuccessfull login attempts, etc. I can help you on this if needed.