Logs & Audit Trail
Add an audit trail for logins or other important account activity. Like the Recent Activity feature in Gmail
Logs & Audits will be included in a future release of Passpack. No ETA, please continue to vote so we can give this priority in our scheduling.
For me an audit would be more important than "suspicious activity". I would like to know which users accessed password entries shared from the "central" account. As the owner of a password I would like to be able to see a list of all of the users who had accessed the shared copy of an entry and when.
I agree that logging is very important, but it should also include immediate email and/or SMS notifications of suspicious activity including:
- Failed login or incorrect packing key
- Access from an unauthorized IP address
Further, unauthorized IP addresses should be restricted so they cannot change account settings or change/remove existing information in the account. But that is perhaps a different topic.
Is there any updated status on an audit/log trail? I'm noticing all of the previous comments are from 2010.
This is practically a requirement for me to implement this in our business. We widely make website passwords available. When a shared user accesses a password, a history log entry should be permanently kept. Furthermore the user should be aware of that log entry so that they are aware of the tracking.
Tom B. commented
This would be a very useful feature for workgroup users.
M. Straus commented
I like Michiel's list but also need to know who accessed a password and when. This reduces the scope of password changes required when an admin leaves the company.
Please log at least:
- changes to (shared) entries
- when entries are e-mailed
- when users are added/removed
- when backups/exports are made.
Yes. In any business, for managing security and activity issues, a major concern is being able to audit. When problems arise we need to able to see who was accessing and changing what, when, and with whomelse,
More progressive/enterprising products are offering this feature. It certainly is one of the main things I was hoping to enjoy, and offer my clients, in this type of product.
I sustain the idea to have SMS notification upon login, kinda similar to what Facebook is providing.
Logging and alerting (email or SMS?) would be great for accessing shared and group passwords. See also the "Break Glass In Case of Emergency" suggestion down on the list.
Hopefully that will include who is accessing what passwords [with timestamps] for shared passwords or groups.
J. Allen R Day commented
Alerts for extremely suspicious activity are certainly desirable; even more of interest to me would be general log/audits for human (me) review.
I agree with Henry that it would be appropriate to limit more advanced functionality like this to premium users. Extra incentive to upgrade, sure--but also you don't want to overwhelm new users with functionality/options, either.
Thanks for your question, that's what I have in mind. For example log-in from unkown ip-addresses (set by user), you probably know more and better scenario's that might be suspicious.
Perhaps great to add later: integration with Maxmind, to alert that someone log's in (or tries to) from an ip 2000 kilometers away from last visit/ ip from different country. Or ip from an anonymous proxy. Nice premium addon for security.
"Suspicious activity" alerts would make sense here. is that what you had in mind, or something else?
combine with ability to set Alerts?