API to fetch data of all employees using weak passwords?

Is there any API that I can use to fetch information about my employees who are using weak passwords?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Can I analyze data around passwords for my company

Comments

  • ag_yaronag_yaron

    Team Member

    Hey @uzairahmed ,

    This is our complete API: https://support.1password.com/command-line-reference/

    Currently there's no way to retrieve weak passwords, you can only retrieve the password fields without any determination on whether they are weak or not. If you have some scripting experience, you can built a script that fetches all the passwords of a user and determines whether they are weak or not (e.g. with rules like "if password length < 12 then it is a weak password").

  • Thanks for bringing this up @uzairahmed because I was looking for something similar. @ag_yaron thank you for the recommendation on creating a script. Now remind me is there a way to purge these passwords from shared vaults? Now I am just thinking this through but I am thinking of "if password length <12, force user to update password".

  • ag_yaronag_yaron

    Team Member

    @Kennyties If you have sufficient privileges/permissions in said shared vaults, you can do whatever you want with them.

    However, keep in mind that deleting passwords that are currently in use by users (even if they are weak) might lock the users out of the account in question ;)

  • @ag_yaron, thanks I do have sufficient privileges/permissions in said shared vaults. I actually created a separate thread on my request. And I worded my question in correctly, I would purge/reset passwords to meet my requirements so that users would not get locked out.

  • ag_yaronag_yaron

    Team Member

    Thanks for clarifying :+1:

  • Hello @uzairahmed,

    I was able to figure out this entire process.
    Here are my steps:
    1. I used the .\op list item of by using this command .\op list vaults --group "Group Name" | .\op get vault - | .\op list items| .\op get item - --fields website,username,password --format JSON |ConvertFrom-JSon |
    2. I then saved the command as a variable then did a | format-table
    3. Then I used a $variablename.where($_.password.length -lt 14}) The last portion of the .length -lt 14 gets password strings less than 14.
    4. I then installed the ImportExcel module to save and open the file in excel automatically.
    5. I then used this $VariableName.where({$_.password.length -lt 14}) |Get-Process | Export-Excel "File location" -Show

    Let me know if you have any questions.

  • ag_yaronag_yaron

    Team Member
    edited January 5

    Thanks for sharing @Kennyties .

    I think it is worth noting here that a password's strength is determined by more than just its length. If you have a 12 characters long password that was generated with our generator (including letters, digits and symbols), it would be extremely strong (dare I say quite uncrackable), as opposed to a 14 digits password that a person makes up. However, your solution here is a great way to enforce minimum requirements policy :)

  • Hey @ag_yaron,

    You are very welcome.

    That is a very good point, I will have to update my script to include those requirements.

  • ag_yaronag_yaron

    Team Member

    Sounds good :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file