Last-Login and Last-Changed feature requests

mge01
mge01
Community Member

Adding another request for enhanced capability for tracking & reporting on last-logon and last-password-changed tracking and reporting.

As you know, some sites disable\delete user account after periods of activity. Tracking\reporting on last-logon would allow users to periodically review, login to, and\or delete inactive accounts, increasing security.

Simple(r) reporting on password last-change date would make it easier to make sure passwords are periodically rotated, reducing risk of compromised sites or accounts, long-running brute force attacks, etc.

Thanks for your consideration.

PS - seems like 'feature requests' should be added as its own category.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:last used

Comments

  • ag_mike_d
    edited December 2022

    Hello @mge01,

    Thanks for your message! I've included your thoughts in the feature request we're currently tracking with the Product team for some additional reporting for last used/changed passwords. Your feedback is greatly appreciated!

    ref: PSS-I-134

  • seacompgeek
    seacompgeek
    Community Member

    As a new 1Password customer who switched from LastPass my goal was to move ASAP and cycle through password changes for all my accounts. Without a report for "password last-change date" , "duplicate password" and "last logon" it makes it hard to cycle through when you have over 200+ password across multiple vaults.

    I would ask that this feature allow the reports across the while account as well as specific vaults. For example, I may want to focus on my Work vault for cleanup first and my Personal vault second.

  • Hello @seacompgeek,

    Thanks for your request and welcome to 1Password! I've passed you feedback along to the Product team.

    In the meantime, have you taken a look at Watchtower? You can use Watchtower to find passwords you need to change. It will help to identify reused and weak passwords, find unsecured websites, and other options such as allowing you identify logins that support two-factor authentication.

    Give this a try and let us know if it helps!

    ref: 29732012

  • seacompgeek
    seacompgeek
    Community Member

    I used Watchtower to process the ones 1Password felt were at risk, but since I had a decent password policy at LastPass there was not a lot there.

    The 2 factor callout is not that great because there should also be a set of options on those items to note how MFA is setup. In 80% of the cases the items had MFA with SMS or an Auth app but no easy way to identify “I use MS Authenticator” or “Setup with SMS MFA” which could be applied across all the tagged as supporting MFA and not setup with one of these options.

  • @seacompgeek

    If you already have an alternative form of two-factor authentication set up for one of your items, such as SMS (which we would suggest you change to one-time passwords wherever possible), you can add a 2fa tag to the item and Watchtower will ignore it. Similarly, if you see an item that Watchtower flags for not using two-factor authentication, you can click the Ignore button in the banner to dismiss it.

This discussion has been closed.