[3.23 and below]
Through the Dashboard screen it is possible to have the credential report under custody. Go to Dashboard > PAM > Custody and scroll down to check which credentials are the most withdrawn and for how long the user was responsible for their possession.