Do I need to change every password when an employee is terminated?

From my understanding, if an employee with access to our 1password account is terminated, I will have to change the passwords of every login in every vault they had access to while working because there is a possibility they could have found a clever workaround to reveal our login credentials. ex. When chrome password manager asks to save the credentials after a successful 1password login.

Am I correct in assuming every password would have to be changed after termination of an employee?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @DjMikeyB: The answer is: it really depends. If you have access to 1Password Business reporting features, you may be able to determine specially which logins were accessed and therefore which need to be changed. But either way, you're right that password they did use, even if you don't know they actually saw or copied it, should be changed because it could be possible to save or reveal them in the browser. That may seem daunting, but starting with the most critical first (the accounts where the most damage could be done) can help. Be sure to let me know if you have any other questions! :)

  • hesspaul
    hesspaul
    Community Member

    This is a bit of a wild idea, but can Watchtower help? In the process of removing an employee from the team, 1P could ask whether I want to consider all passwords they have accessed as at risk. If I say yes, then there can be a category in the Watchtower section listing those passwords which have not subsequently been changed.

  • It is an interesting idea for sure @hesspaul. Perhaps something we can consider.

    Ben

  • gareth_muirhead
    gareth_muirhead
    Community Member

    This is why users need to have unique usernames and passwords, not shared, so that when they leave its just a matter of disabling their unique user accounts. But of course I realise this is not always possible.

  • That is indeed probably the ideal where possible.

    Ben

This discussion has been closed.