group/business accounts need to be able to track what people post or do with the account. it'd be nice if say, per app password or controller there was logging for what records get changed using what app passwords. this wouldn't work for private data on specific apps such as bsky dms, but it could theoretically cover all of the public data.
probably a separate idea is having each controller of an account being able to make app passwords and having them tied to their DID, this could also show up in the active sessions tab.