Security reporting in 1Password Business provides visibility into your organization's password health, data breach exposure, and overall security posture. This guide covers Watchtower, Insights dashboard, and administrative reports to help you monitor and improve your team's credential security.
Prerequisites
Before you begin, ensure you have:
- 1Password Business subscription (some features not available on Teams)
- Owner access or membership in the Security group
- Team members actively using 1Password
- Understanding of password security best practices
Understanding 1Password Security Reporting
1Password offers several reporting tools:
| Tool | Purpose | Access Level |
|---|---|---|
| Watchtower (Personal) | Individual password health | All users, own vaults |
| Business Watchtower | Organization-wide password health | Owners, Security group |
| Insights Dashboard | Consolidated security overview | Owners, Security group |
| Team Report | User activity and statistics | Owners, Administrators |
| Domain Breach Report | Email domain exposure | Owners, Security group |
| Activity Log | Audit trail of actions | Owners, Administrators |
Step 1: Access the Watchtower Dashboard
Watchtower is your primary tool for identifying credential security issues.
View Personal Watchtower
For individual users:
- Open 1Password (app or browser extension)
- Click Watchtower in the sidebar
- View your personal security score and issues
View Business Watchtower Report
For organization-wide visibility:
- Sign in to 1Password.com as an owner or Security group member
- Navigate to Reports in the sidebar
- Select Watchtower
- View the Business Watchtower dashboard
Step 2: Understand Watchtower Categories
Watchtower checks for multiple security issues:
Compromised Passwords
What it checks: Passwords that have appeared in known data breaches.
How it works:
- Uses Have I Been Pwned database
- Checks via k-anonymity (privacy-preserving)
- Only partial password hash is transmitted
Action required: Immediately change any compromised passwords.
Weak Passwords
What it checks: Passwords that don't meet strength requirements.
Criteria includes:
- Short length
- Common patterns
- Dictionary words
- Insufficient complexity
Action required: Replace with strong, randomly generated passwords.
Reused Passwords
What it checks: Same password used across multiple accounts.
Risk: One breach exposes multiple accounts.
Action required: Generate unique passwords for each login.
Unsecured Websites
What it checks: Logins for sites using HTTP instead of HTTPS.
Risk: Credentials transmitted in plain text.
Action required: Check if site now supports HTTPS, or consider discontinuing use.
Two-Factor Authentication
What it checks: Accounts that support 2FA but don't have it enabled.
Risk: Account vulnerable to credential theft.
Action required: Enable 2FA where available.
Expiring Items
What it checks: Items with expiration dates approaching.
Examples: Credit cards, passwords with rotation policies, certificates.
Action required: Renew or update before expiration.
Passkeys Available
What it checks: Sites supporting passkeys where you're still using passwords.
Benefit: Passkeys provide phishing-resistant authentication.
Action required: Consider upgrading to passkeys where supported.
Step 3: Use the Insights Dashboard
Insights provides a consolidated view of organizational security.
Access Insights
- Sign in to 1Password.com as an owner or Security group member
- Navigate to Reports in the sidebar
- Select Insights
Insights Dashboard Sections
Breach Checks
Monitor data breaches affecting your team:
- Affected domains: Your email domains found in breaches
- Affected team members: Users whose credentials may be exposed
- Breach details: When and where breaches occurred
Password Health
Organization-wide password statistics:
| Metric | Description |
|---|---|
| Compromised | Passwords found in breach databases |
| Weak | Passwords below strength threshold |
| Reused | Passwords used multiple times |
| Missing 2FA | Accounts without two-factor auth |
Team Usage
Understand how your team uses 1Password:
- Active users: Members who signed in recently
- Items created: New credentials being saved
- Vaults in use: Collaboration patterns
- App usage: Desktop, mobile, browser extension
Filter and Drill Down
- Click on any metric to see details
- Filter by:
- Time period
- User groups
- Vault types
- Export data for further analysis
Step 4: Generate Team Reports
Team reports provide administrative insights into usage and security.
Access Team Reports
- Navigate to Reports > Team Report
- Select the reporting period
- View or export the report
Team Report Contents
| Section | Information |
|---|---|
| Overview | Total users, active users, items |
| Membership | New members, removed members, pending |
| Vaults | Shared vaults, vault usage |
| Security | Watchtower summary, compliance status |
| Activity | Sign-ins, item changes, sharing |
Export Team Reports
- Generate the desired report
- Click Export
- Choose format:
- CSV for spreadsheet analysis
- PDF for documentation
- Save and distribute as needed
Step 5: Review the Domain Breach Report
Monitor if your organization's email domains appear in data breaches.
Access Domain Breach Report
- Navigate to Reports > Domain Breach Report
- View breaches affecting your domains
- See which team members may be affected
Understanding Breach Data
| Column | Description |
|---|---|
| Breach Name | The compromised service/database |
| Date | When the breach occurred |
| Exposed Data | What information was leaked |
| Affected Users | Team members potentially impacted |
Respond to Breaches
- Notify affected users immediately
- Reset passwords for breached services
- Enable 2FA if not already active
- Monitor for unauthorized access
- Document for compliance
Step 6: Review Activity Logs
Activity logs provide an audit trail of all actions in your 1Password account.
Access Activity Logs
- Navigate to Reports > Activity Log
- View recent activity across your organization
Filter Activity
Filter by:
- User: Specific team member
- Action type: Sign-ins, item changes, sharing
- Date range: Custom time periods
- Vault: Specific vaults
Activity Types Tracked
| Category | Events |
|---|---|
| Authentication | Sign-ins, sign-outs, failed attempts |
| Items | Created, edited, deleted, shared |
| Vaults | Created, deleted, access changes |
| Team | Members added, removed, recovered |
| Settings | Policy changes, integrations |
Export for Compliance
- Set your desired filters
- Click Export
- Choose format and date range
- Use for audit documentation
Step 7: Create Custom Reports
For specific compliance or analysis needs:
Using the API
1Password provides APIs for custom reporting:
# Example: List all users
op user list --format=json
# Example: Get vault details
op vault list --format=json
Integrate with SIEM
For enterprise security monitoring:
- Enable event streaming (if available)
- Configure integration with your SIEM
- Create custom dashboards
- Set up alerts for security events
Step 8: Establish Reporting Cadence
Recommended Review Schedule
| Report | Frequency | Reviewer |
|---|---|---|
| Watchtower | Weekly | Security team |
| Breach Report | Weekly | Security team |
| Team Report | Monthly | IT management |
| Activity Log | Weekly (or on-demand) | Security team |
| Insights | Monthly | IT management |
Create Report Distribution
- Generate reports on schedule
- Export in appropriate format
- Distribute to stakeholders:
- Executive summary for leadership
- Detailed data for security team
- Compliance reports for auditors
Step 9: Act on Security Findings
Prioritize Issues
| Priority | Issue Type | Action Timeline |
|---|---|---|
| Critical | Compromised passwords | Immediate |
| High | Weak passwords | Within 24 hours |
| Medium | Reused passwords | Within 1 week |
| Low | Missing 2FA | Within 1 month |
Communicate with Team Members
- Notify affected users of security issues
- Provide guidance on remediation
- Track completion of password changes
- Follow up on outstanding issues
Sample Notification
Subject: Action Required: 1Password Security Alert
Dear [Name],
Our security review identified the following issues
with your 1Password account:
- [X] compromised passwords
- [X] weak passwords
- [X] reused passwords
Please address these issues by [date] by:
1. Opening 1Password and clicking Watchtower
2. Reviewing flagged items
3. Updating passwords as recommended
Contact [IT support] if you need assistance.
Troubleshooting Common Issues
Watchtower Not Showing Data
Solutions:
- Ensure internet connectivity
- Wait for initial sync to complete
- Manually refresh Watchtower
- Check if vaults are properly synced
Can't Access Security Reports
Solutions:
- Verify you're an owner or Security group member
- Check your account permissions
- Contact your 1Password administrator
Export Fails or Times Out
Solutions:
- Reduce the date range
- Filter to specific users or vaults
- Try a different export format
- Contact 1Password support for large accounts
Best Practices for Security Reporting
Establish Baselines
- Document current Watchtower scores
- Set improvement targets
- Track progress over time
- Celebrate security wins
Automate Where Possible
- Schedule regular report generation
- Set up alerts for critical issues
- Integrate with ticketing systems
- Use APIs for custom dashboards
Document for Compliance
Maintain records of:
- Regular security reviews
- Remediation actions taken
- Policy acknowledgments
- Training completion
Next Steps
After implementing security reporting:
- Set improvement goals: Target Watchtower score improvements
- Create policies: Establish password requirements
- Train team members: Educate on security best practices
- Automate monitoring: Set up regular report distribution
- Plan remediation: Create process for addressing issues
Additional Resources
Need help with your security reporting program? Inventive HQ provides comprehensive security assessment and monitoring services, including 1Password security optimization, compliance reporting, and ongoing security management. Contact us for a free consultation.