Auditing who accesses credentials is pointless, IMO. So you know that Tom, Jane ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

snuxoll on Nov 3, 2015 | parent | context | favorite | on: Introducing 1Password for Teams

Auditing who accesses credentials is pointless, IMO. So you know that Tom, Jane and John have all accessed the domain admin credentials since they were changed last week, what good does that do you? They all have reason to do it, and any one of them could have written them down so it's not like you can audit who pulled them up 15 minutes before some huge security incident and know who was responsible.

helper on Nov 3, 2015 [–]

Not necessarily. If you have an organization with 100 users and most systems are accessed rarely, an audit log can show you things like "Steve accessed ALL the credentials."

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact