3 votes
As part of our use of password lists, we have observed that when a password is copied from a specific line, the activity logs only indicate that a password was used, without specifying which one. This lack of detail limits traceability, particularly in the context of audits.
To comply with the requirements of our ISO 27001 certification, which mandates the most comprehensive logging possible, we recommend including additional identifying information in the logs, such as:
Our vault contains a large number of passwords, and in order to follow your recommendation of not exceeding 1000 entries, we rely on password lists. It is therefore essential that every action involving these lists be clearly identifiable in the logs.
Great feature request, especially for auditing.
Hello,
Thank you for the suggestion. In your case, I would really opt for a single credential and not password lists. Out of curiosity, how many password lists and about how many passwords do you have in a single list? Also, where did you get the recommendation of 1 000 entries? I'm wondering since it should be 2 000 entries in a single vault as a healthy limit (for Hub).
Have a good day!
Maxime Morin
Hi Maxime. We have maybe around 20-30 Password Lists and some may have more than 50 passwords in them. We were told about 1000 entries when we implemented it about 2 years ago. So much the better if it's 2000!