Audit Log?

Long time user/lover of 1Password, love it.

I was pondering this recently and thought Id throw it in a comment

Is it possible one day to maybe see some time of audit log to the 1Password database? I sync it to dropbox, and have 2-step setup on that, but sometimes I wonder what devices have recent access (correctly or incorrectly unlocked) the database. Id love to see this type of feature.

Places like dropbox, Google, Twitter, etc are now using the same scenario, and with the new Message Centre, I would think its doable, as a nice way to take a gander and see whats going on, anything fishy etc.

My 2 cents...

Comments

  • brentybrenty

    Team Member

    @HackerJL: That is a really interesting suggestion. Thanks for sharing it!

    It sounds like what you're referring to is sort of like what many web services have (like Gmail's 'last account activity details') for account security. When Dropbox syncs your data it keeps access records and you can also revoke access for certain devices as well. Since 1Password itself isn't web service, I'm not sure it would have access to this type of information, but it's definitely something to consider going forward. :)

  • I don't think that this is possible on a technical level. Sure you could have the 1Password application log its usage but if you are, as I think, looking to audit accesses to your vault on Dropbox then this would not help you.

    The vault is just a data container. There is no active code in there (other than 1Password.html, which isn't required) controlling access to the data and so there is no way.

    Even the Dropbox logs won't help you much. If someone gained access to your Dropbox account then all you'd see in the logs would be a single download of the vault. They might then run millions of unlock attempts but they would all be on their local copy of the vault and Dropbox would see none of it.

  • brentybrenty

    Team Member

    @RichardPayne: Agreed. There's also the matter of someone who has access could falsify information as well. Certainly not feasible the way that 1Password works today, but down the road who knows? :)

This discussion has been closed.