Is it possible to get a list of accounts missing MFA?


Hello security audit is upon us and we're to check all of our vaults for accounts missing MFA. The sheer volume of that makes me wonder if there's a possibility to automate this task, and get a list in the end, preferably sorted by AWS/Azure (for example)?

Any hints are welcome, I'll probably lose the rest of my sanity points if I have to go through it manually.

Thank you!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • ag_yaronag_yaron

    Team Member

    Hey @viray ,

    From the top of my head, you'll need to build a script that fetches all login items, exclude the ones that have a TOTP field and then output the ones that doesn't.

    A good place to start would be with a command such as op list items --categories login --vault TestVault | op get item -
    In this command, you ask op to list all the items that are login items in a vault called TestVault (you can remove the --vault flag if you want it to go over everything in one go but I think this will help you focus and locate things better), then you pipe it down to the op get item - command which will grab each one of the login items details.

    If there's a TOTP field in an item, you will see it in the output. Get the script to parse the output and find if there is a TOTP field in every login item, then list the ones that don't.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file