Administrator review of weak Team Member passwords

PMax
PMax
Community Member

After converting most of my team to 1Password, I'm disappointed that there is not a reporting function that can notify the Administrator of Team Member passwords that are weak/vulnerable/repeated/etc.

I've seen this request made in other posts, over and over (since 2018 at least).

If privacy is a concern, then obscure the results! Let the admin know that e.g., (5 of 45) passwords need review, so that I can at least know who I need to talk to for password review.

Even with a strong request from management, users are not very likely to spend time on password review. We cannot rely on users being the party that is responsible for reviewing our corporate risk. Both in the framework of a one-off basis, or on an ongoing basis. There needs to be some visibility on vulnerabilities for the corporate admin.

Otherwise - 1Password has been a great piece of software and we greatly appreciate the value it offers. For now, I'm going to go play nanny with each user.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • ag_max
    edited July 2023

    Hi @PMax,

    If you're using 1Password Business, you have access to the Insights section of your account on 1Password.com. This will allow you to review any reused, weak, or compromised passwords, as well as items where two-factor authentication has not been enabled. Clicking on one of the sections will open a list view so your administrative can use Watchtower to make the necessary changes to strengthen your items.

    That said, the Insights functionality currently has no reporting into Private vaults, which are only accessible to individual team members, which I understand is presenting a problem for your team. I've shared your feedback with our team internally to continue tracking interest to see if this can be better addressed in the future. Let me know if I've instead misread your concern, and we can regroup from there.

    ref: pb-34448017

  • PMax
    PMax
    Community Member
    edited July 2023

    Hi @ag_max - Thanks for passing along the feedback...

    I've seen several other posts where the feedback has been passed along already... For a couple years now :(

    Previous responses have said that it's a "display issue" so that the end user isn't confused where truly private vs. corporate-visible passwords lie. I've presented a solution in that you could just notify us that a user has issues needing addressing, and then the admin could meet with that person to demonstrate the Watchtower capabilities for their private vault.

    As for right now, I have no way of knowing who is using 1Password as a security tool versus who is using 1Password as an autofill mechanism with the same terrible password used everywhere.

    I'd be happy to discuss further offline, but I thought that the best approach is a public post. I invite others to piggyback this comment and request the feature be added if they think it would be valuable. I've seen this issue several times, and I can't help but feel that it should have already been addressed.

  • @PMax,

    I can definitely understand the frustration, as I realize getting more insight into the password health of team members has been requested for quite some time. This topic is pretty complex in both a technical and security manner. Your feedback is much appreciated and although it may seem like this request is being ignored, our team is still collecting feedback and tracking interest.

    In addition to posting in the Community, you and anyone else interested in this functionality are also welcome to send us at businesssupport@1password.com using the email associated with your 1Password account to share more feedback and details about your use case and requirements. This will allow the team to better ask follow up questions and share details that may be relevant but better shared privately.

This discussion has been closed.