Feature request: Password strength audit report
We have rolled out 1Password to our entire team (yay!) and I am forcefully encouraging everyone to input their passwords into the system, even if it's just into their own vaults. This is to get people to change individual passwords to something more complex, ideally as generated by 1Password.
Our new IT policies are going to require the use of more secure and thus complex passwords.
However, I'd like to be able to run an audit report for all passwords in the vaults, to see how many (and which ones) have a low security score. This would enable me as a sysadmin to correct legacy passwords that have been missed or remind people that their passwords need to meet certain basic standards across all and any systems they use.
Since we use lots of different services, we are at the mercy of individual sites' baseline requirements for password strength, and the willingness of our staff to up the ante.
This type of report would give me a simple way of bringing out the stick when necessary to enforce our policy. For a Teams account, this would seem like a sensible feature to have.
It could look something like:
Name of item | Password strength | Created by | Last modified by | Last modified on
Bank account | Low (or 1 out of 10) | Christian | Dave | 10 October 2016
Thanks!
Christian
1Password Version: 6.3.5
Extension Version: Not Provided
OS Version: 10.11.6
Sync Type: Not Provided
Comments
-
Hi @cbacklund! Congrats on the rollout. :) A password strengthening initiative is a fantastic next step. I appreciate the suggestion as well. This is something we've been thinking about, and it's good to know folks are looking for it for their teams. I'll forward your feedback to the team. Cheers!
ref: B5-1623
-
Cheers Jacob, it'd be great to get this feature in place.
Related to this, I also found the 'Password strength' sort mode in 1Password for OS X but it doesn't appear to be working all too well. As I go through the list the password strengths go from weak to high and back again, so it doesn't seem to have sorted them in ascending or descending order.
I was hoping to be able to use this sort to find and update weak passwords whilst waiting eagerly for an audit report.
-
@cbacklund Hmm, that's interesting. I just tried sorting by password strength in 1Password for Mac and found it worked as expected. You can adjust whether it's strongest to weakest or weakest to strongest at the bottom of the sorting menu:
Does that work for you?
-
@Jacob I don't have that experience. Firstly, when I'm viewing All Items I get lots of notes and other things at the top, which is fine as they have no passwords so would rate as 0 in the filter. However, then I start to see items with passwords interspersed amongst these non-password items, which isn't right. Further down I do then get passwords but they are not ranked by strength, irrespective of how I sort (ASC or DESC) on password strength.
Even if I filter to view only Logins I get the same behaviour re sorting, and the items are not in order.
-
@cbacklund Good to know. Could you try locking and unlocking 1Password to see if that makes a difference?
-
@Jacob No, unfortunately not. But what I have found is that it does seem to work for about 50-55% of my items. I have 900+ items in my various vaults, and as mentioned it's jumbled for the first half, then the rest seems to be mostly right, with some oddities here and there where it jumps from amber to green then back to amber as I scroll through the list.
By which I mean the colour-coding on the strength indicator.
I've also noticed that some items, like Servers, don't show a password strength indicator at all. It'd be handy to have them for all password types (basically whenever you set a field as a password, irrespective of label name, it shows the strength indicator).
-
@cbacklund Thanks for the details. I'd like to look into this further with a colleague. Could you take a screenshot of what you're seeing please? If you need any help taking a screenshot, there is a nice guide over here.
Once you have the image, make sure to remove or mask any private info since this is a public forum. Then just attach it to your post by clicking the document icon and clicking Choose Files. Here's what that looks like:
Thanks! That'll give us a better idea of what is happening. :)