I've previously used corporate password management tools that could give me a report of every password that a specific person has viewed or used. This was critical in identifying risk and prioritizing which passwords to change when a staff member left the organization.

Presently, there is no way for me to identify every password that a specific user has viewed or used. Without this report, if that user is terminated, we have to assume that they "know" every single password they have access to, which could be hundreds, and that makes the offboarding process extremely difficult since we now have to assume that every one of those passwords must be changed. This is a tremendous burden if, in actuality, that user only viewed or used 10 of those 100+.