Global Password Analyzer (to include user vaults)
0 vote
Password Analyzer to test the user vaults of the organization, to show at least re-used passwords and password strength (without revealing passwords).
This could be on a per-vault basis, and also indicate the presence of identical passwords across multiple user vaults.
All Comments (1)
Hello,
Thank you for your sugestion. While I understand your use case, it's something that we have to be extra careful with.
Currently, in order to run the report, passwords are downloaded on the client and decrypted to do the checks. In other words, there's no way of running the report server side without having the actual data on the client. By client, I mean for example the browser, Workspace or RDM.
I believe this would be easier to do with a reporting service that we plan do work on eventually. It would be a service that runs reports on a system of your choice (on-prem or in your cloud) with an application user. Users have already requested a report for expired or expiring entries. We could add password re-use and strength checks.
Sadly, it's not something that will be available next release; it's a long term plan.
Have a good day!
Maxime Morin