My suggestion for Passpack is ...

Logs & Audit Trail

Add an audit trail for logins or other important account activity. Like the Recent Activity feature in Gmail

256 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    PasspackAdminPasspack (Admin, Passpack) shared this idea  ·   ·  Admin →
    planned  ·  PasspackAdminPasspack (Admin, Passpack) responded  · 

    Logs & Audits will be included in a future release of Passpack. No ETA, please continue to vote so we can give this priority in our scheduling.

    18 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  · 

        It would be helpful to have it included in the activity log when shared entries are modified (when and by whom).

      • Dan CourseDan Course commented  · 

        I just want a list of Access, IP, time and username

      • LesLes commented  · 

        For me an audit would be more important than "suspicious activity". I would like to know which users accessed password entries shared from the "central" account. As the owner of a password I would like to be able to see a list of all of the users who had accessed the shared copy of an entry and when.

      • BrianBrian commented  · 

        I agree that logging is very important, but it should also include immediate email and/or SMS notifications of suspicious activity including:

        - Failed login or incorrect packing key
        - Access from an unauthorized IP address

        Further, unauthorized IP addresses should be restricted so they cannot change account settings or change/remove existing information in the account. But that is perhaps a different topic.

      • Anonymous commented  · 

        Is there any updated status on an audit/log trail? I'm noticing all of the previous comments are from 2010.

      • drodeckerdrodecker commented  · 

        This is practically a requirement for me to implement this in our business. We widely make website passwords available. When a shared user accesses a password, a history log entry should be permanently kept. Furthermore the user should be aware of that log entry so that they are aware of the tracking.

      • Tom B.Tom B. commented  · 

        This would be a very useful feature for workgroup users.

      • M. StrausM. Straus commented  · 

        I like Michiel's list but also need to know who accessed a password and when. This reduces the scope of password changes required when an admin leaves the company.

      • MichielMichiel commented  · 

        Please log at least:
        - changes to (shared) entries
        - when entries are e-mailed
        - when users are added/removed
        - when backups/exports are made.

      • twohawkstwohawks commented  · 

        Yes. In any business, for managing security and activity issues, a major concern is being able to audit. When problems arise we need to able to see who was accessing and changing what, when, and with whomelse,
        More progressive/enterprising products are offering this feature. It certainly is one of the main things I was hoping to enjoy, and offer my clients, in this type of product.

      • ChrisChris commented  · 

        I sustain the idea to have SMS notification upon login, kinda similar to what Facebook is providing.

      • BrianCBrianC commented  · 

        Logging and alerting (email or SMS?) would be great for accessing shared and group passwords. See also the "Break Glass In Case of Emergency" suggestion down on the list.

      • ZacharyZachary commented  · 

        Hopefully that will include who is accessing what passwords [with timestamps] for shared passwords or groups.

      • J. Allen R DayJ. Allen R Day commented  · 

        Alerts for extremely suspicious activity are certainly desirable; even more of interest to me would be general log/audits for human (me) review.

        I agree with Henry that it would be appropriate to limit more advanced functionality like this to premium users. Extra incentive to upgrade, sure--but also you don't want to overwhelm new users with functionality/options, either.

      • HenryHenry commented  · 

        Thanks for your question, that's what I have in mind. For example log-in from unkown ip-addresses (set by user), you probably know more and better scenario's that might be suspicious.
        Perhaps great to add later: integration with Maxmind, to alert that someone log's in (or tries to) from an ip 2000 kilometers away from last visit/ ip from different country. Or ip from an anonymous proxy. Nice premium addon for security.

      • HenryHenry commented  · 

        combine with ability to set Alerts?

      Feedback and Knowledge Base