Feature Request for Passwordstate: Regular Access Credential Review and Deletion

[David Amenda]

Description: We are facing the challenge of managing access credentials to customer systems in Passwordstate and ensuring that they are regularly audited. To streamline this process and enhance security, we propose the implementation of the following features:

1. Access Confirmation:

• Introduce a mechanism where the respective access custodian must regularly confirm whether these credentials are still required. This confirmation can be performed manually or automatically via notifications.

2. Notifications:

• Notifications should be delivered not only via email but also through Passwordstate's notification system to ensure they are promptly acknowledged.

3. Customizable Timeframes:

• Flexibility in setting the timeframe for review and potential deletion of access credentials. Organizations should be able to define these timeframes based on their specific needs.

4. Automatic Deletion:

• Provide the option for automatic deletion of no longer required access credentials. However, this feature should be customizable, as certain credentials may need longer retention periods.

5. Reminder for Non-Response:

• Send periodic reminders to access custodians who have not responded to the review requests. This ensures that even temporarily absent custodians can respond appropriately.

6. Global Access to Audit Reports:

• Enable the creation of comprehensive audit reports accessible globally, with effective filtering options to facilitate ease of use and access.

7. Inclusion of Deleted Access and Deletion Dates:

• Allow for the display of previously deleted access credentials in audit reports, including the date of deletion. This feature is vital for compliance and historical tracking.

8. Custom Settings:

• To accommodate varying organizational requirements, Passwordstate should allow users to customize settings for review periods, reminders, and deletion behavior.

In summary, this feature request is aimed at improving the efficiency and security of access credential management in Passwordstate. The implementation of these flexible features would ensure that the platform effectively supports regular reviews and the management of access credentials.