API to fetch data of all employees using weak passwords?

uzairahmed
uzairahmed
Community Member

Is there any API that I can use to fetch information about my employees who are using weak passwords?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Can I analyze data around passwords for my company

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @uzairahmed ,

    This is our complete API: https://support.1password.com/command-line-reference/

    Currently there's no way to retrieve weak passwords, you can only retrieve the password fields without any determination on whether they are weak or not. If you have some scripting experience, you can built a script that fetches all the passwords of a user and determines whether they are weak or not (e.g. with rules like "if password length < 12 then it is a weak password").

  • Kennyties
    Kennyties
    Community Member

    Thanks for bringing this up @uzairahmed because I was looking for something similar. @ag_yaron thank you for the recommendation on creating a script. Now remind me is there a way to purge these passwords from shared vaults? Now I am just thinking this through but I am thinking of "if password length <12, force user to update password".

  • ag_yaron
    ag_yaron
    1Password Alumni

    @Kennyties If you have sufficient privileges/permissions in said shared vaults, you can do whatever you want with them.

    However, keep in mind that deleting passwords that are currently in use by users (even if they are weak) might lock the users out of the account in question ;)

  • Kennyties
    Kennyties
    Community Member

    @ag_yaron, thanks I do have sufficient privileges/permissions in said shared vaults. I actually created a separate thread on my request. And I worded my question in correctly, I would purge/reset passwords to meet my requirements so that users would not get locked out.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for clarifying :+1:

  • Kennyties
    Kennyties
    Community Member

    Hello @uzairahmed,

    I was able to figure out this entire process.
    Here are my steps:
    1. I used the .\op list item of by using this command .\op list vaults --group "Group Name" | .\op get vault - | .\op list items| .\op get item - --fields website,username,password --format JSON |ConvertFrom-JSon |
    2. I then saved the command as a variable then did a | format-table
    3. Then I used a $variablename.where($_.password.length -lt 14}) The last portion of the .length -lt 14 gets password strings less than 14.
    4. I then installed the ImportExcel module to save and open the file in excel automatically.
    5. I then used this $VariableName.where({$_.password.length -lt 14}) |Get-Process | Export-Excel "File location" -Show

    Let me know if you have any questions.

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited January 2021

    Thanks for sharing @Kennyties .

    I think it is worth noting here that a password's strength is determined by more than just its length. If you have a 12 characters long password that was generated with our generator (including letters, digits and symbols), it would be extremely strong (dare I say quite uncrackable), as opposed to a 14 digits password that a person makes up. However, your solution here is a great way to enforce minimum requirements policy :)

  • Kennyties
    Kennyties
    Community Member

    Hey @ag_yaron,

    You are very welcome.

    That is a very good point, I will have to update my script to include those requirements.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Sounds good :+1:

This discussion has been closed.