How to know who changed an account password?

anyway to know if the account password is change? will this write to table ? or mongodb log when password change?

Hi @soon_yu and welcome in the MongoDB Community :muscle:!

Users in a MongoDB server are stored in the special admin.system.users collection. I tried to open a Change Stream against this collection so I could monitor the changes happening in this collection, but this didn’t work as Change Streams aren’t supported on the special collections.

That being said, you could retrieve each user from this collection, calculate a checksum of each of the credentials subdocument and store this in a collection. You could then run this script every X minutes to verify if the checksums are still the same or not.

If the checksum is different, then it means the password has been changed.

I don’t really have a better idea for now :weary:.



Hi @soon_yu,

To addup to maxs idea, you can consider looking into our enterprise server auditing mechanism for userUpdate events:

This will let you auditing user password changes.