shared vault access logs

SimonC8
Community Member

Hi,
Have there been any changes to audit-logging shared password access since the question here?
https://1password.community/discussion/81451/audit-trail-for-teams

The main reason this is useful is to find out the impact of a compromised account. If you have a shared vault with those rarely used "break glass", knowing if a vault has been accessed by the compromised account, or if it has, which passwords have been accessed, is hugely important in scoping the size of the compromise and the work needed to re-secure everything.

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • ag_max

    Team Member

    Hi @SimonC8,

    Since that thread was posted we did introduce the usage report and item usage report for 1Password Business customers. That said, this won't directly help when it comes to compromised items. The best way to detect those is to run a Watchtower report for your vault containing said items. As for usage:

    Usage report

    If you're in the Owners or Administrators groups on a team using 1Password Business, you can generate usage reports to see which users on your team last accessed an item within a vault. This reports the following types of actions made by users:

    • Copy password. A password was copied.
    • Create. An item was created.
    • Display. An item was viewed on 1Password.com.
    • Edit. An item was edited.
    • Export. An item was exported.
    • Fill. A password was filled.
    • Reveal. A password was revealed.
    • Select SSO provider. Unlock with Identity Provider was set up.
    • Share. An item was shared.
    • Start editing. A team member started editing an item.

    To view history for a specific item, any account owner, administrator, or person with vault management permissions for the vault can view the item usage report for a specific item. To do that:

    1. Open https://start.1password.com in your browser and sign in to your account.
    2. Click on a shared vault from your Home page.
    3. Select an item and then click the graph icon.

    This will show when the item was used, by whom, and the specific actions that were taken. I suppose these tools could be useful after you can determine which items were compromised by using the Watchtower report.
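
Added example, not part of the original thread and not 1Password code: a sketch of scoping a compromised account from usage-report rows, using the action names listed in the answer above. The CSV column names, the sample rows, and the choice to treat "Display" as secret exposure are assumptions made for illustration; they are not 1Password's export format.

```python
import csv
import io
from datetime import datetime

# Action names come from the usage report list in the answer above.
# Assumption: these actions may have exposed the secret, so the item is rotated.
EXPOSING = {"Copy password", "Display", "Export", "Fill", "Reveal", "Share"}
# Assumption: these actions changed the item, so its contents need review.
MODIFYING = {"Create", "Edit", "Start editing"}

# Constructed sample data with hypothetical column names.
SAMPLE_CSV = """timestamp,user,vault,item,action
2024-03-01T09:15:00Z,alice@example.com,Break Glass,root-db,Reveal
2024-03-04T22:41:00Z,bob@example.com,Break Glass,root-db,Copy password
2024-03-04T22:43:00Z,bob@example.com,Break Glass,dns-registrar,Display
2024-03-04T22:50:00Z,bob@example.com,Shared Ops,wiki-admin,Start editing
2024-03-04T22:51:00Z,bob@example.com,Shared Ops,wiki-admin,Edit
2024-02-10T08:00:00Z,bob@example.com,Shared Ops,vpn-psk,Fill
"""

def parse_ts(value):
    # Accept a trailing "Z" on Python versions whose fromisoformat rejects it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def scope_compromise(csv_text, user, start, end):
    """Return sorted (vault, item, verdict, actions) for one user in a time window."""
    lo, hi = parse_ts(start), parse_ts(end)
    touched = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = parse_ts(row["timestamp"])
        if row["user"] != user or not (lo <= ts <= hi):
            continue
        touched.setdefault((row["vault"], row["item"]), set()).add(row["action"])
    result = []
    for (vault, item), actions in touched.items():
        if actions & EXPOSING:
            verdict = "rotate"
        elif actions & MODIFYING:
            verdict = "review-changes"
        else:
            verdict = "informational"
        result.append((vault, item, verdict, sorted(actions)))
    return sorted(result)

if __name__ == "__main__":
    for entry in scope_compromise(SAMPLE_CSV, "bob@example.com",
                                  "2024-03-04T00:00:00Z", "2024-03-05T00:00:00Z"):
        print(entry)
```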
