Logs & Audit Trail
Add an audit trail for logins or other important account activity. Like the Recent Activity feature in Gmail
AdminTara, Passpack
(Founding Partner, Passpack)
shared this idea
Logs & Audits will be included in a future release of Passpack. No ETA, please continue to vote so we can give this priority in our scheduling.
15 comments
-
Les
commented
For me an audit would be more important than "suspicious activity". I would like to know which users accessed password entries shared from the "central" account. As the owner of a password I would like to be able to see a list of all of the users who had accessed the shared copy of an entry and when.
-
Brian
commented
I agree that logging is very important, but it should also include immediate email and/or SMS notifications of suspicious activity including:
- Failed login or incorrect packing key
- Access from an unauthorized IP addressFurther, unauthorized IP addresses should be restricted so they cannot change account settings or change/remove existing information in the account. But that is perhaps a different topic.
-
Anonymous
commented
Is there any updated status on an audit/log trail? I'm noticing all of the previous comments are from 2010.
-
drodecker
commented
This is practically a requirement for me to implement this in our business. We widely make website passwords available. When a shared user accesses a password, a history log entry should be permanently kept. Furthermore the user should be aware of that log entry so that they are aware of the tracking.
-
Tom B.
commented
This would be a very useful feature for workgroup users.
-
M. Straus
commented
I like Michiel's list but also need to know who accessed a password and when. This reduces the scope of password changes required when an admin leaves the company.
-
Michiel
commented
Please log at least:
- changes to (shared) entries
- when entries are e-mailed
- when users are added/removed
- when backups/exports are made. -
twohawks
commented
Yes. In any business, for managing security and activity issues, a major concern is being able to audit. When problems arise we need to able to see who was accessing and changing what, when, and with whomelse,
More progressive/enterprising products are offering this feature. It certainly is one of the main things I was hoping to enjoy, and offer my clients, in this type of product. -
Chris
commented
I sustain the idea to have SMS notification upon login, kinda similar to what Facebook is providing.
-
BrianC
commented
Logging and alerting (email or SMS?) would be great for accessing shared and group passwords. See also the "Break Glass In Case of Emergency" suggestion down on the list.
-
Zachary
commented
Hopefully that will include who is accessing what passwords [with timestamps] for shared passwords or groups.
-
J. Allen R Day commented
Alerts for extremely suspicious activity are certainly desirable; even more of interest to me would be general log/audits for human (me) review.
I agree with Henry that it would be appropriate to limit more advanced functionality like this to premium users. Extra incentive to upgrade, sure--but also you don't want to overwhelm new users with functionality/options, either.
-
Henry
commented
Thanks for your question, that's what I have in mind. For example log-in from unkown ip-addresses (set by user), you probably know more and better scenario's that might be suspicious.
Perhaps great to add later: integration with Maxmind, to alert that someone log's in (or tries to) from an ip 2000 kilometers away from last visit/ ip from different country. Or ip from an anonymous proxy. Nice premium addon for security. -
"Suspicious activity" alerts would make sense here. is that what you had in mind, or something else?
-
Henry
commented
combine with ability to set Alerts?
