New Feature: Verified Stolen Credential Detection

Blog
/
Release notes

Product Release: March 2023

Provide just-in-time password guidance with inline browser prompts, identify dormant third-party integrations, and more.

Here's what's new on the Push platform this month:

  • Just-in-time password guidance with inline browser prompts

  • Identify dormant third-party integrations

  • Expanded visibility into MFA usage for apps

  • Find passwords exposed in a data breach and make a custom restricted list

  • Improved account security page

Want to share your input on our product roadmap? Set up a call with our team — we’d love to hear from you.

Catch weak passwords before they happen with new Push Labs feature

Push Labs is a new early-access program that allows you to try features before they roll out to everyone. With inline browser prompts, the first Labs feature, you can enable tooltip messages that will appear in the employee’s browser when they sign up for new SaaS apps with a weak or reused password, or when they log into existing ones.

By providing just-in-time guidance, inline prompts encourage employees to practice better password hygiene without adding to your team’s workload.

You can enable inline browser prompts by logging into the Push admin console and going to Settings > Push Labs and then toggle on the new feature.

We’d love to hear your feedback! Get in touch at support@pushsecurity.com.

Identify dormant third-party integrations

You can now see when a third-party integration that’s connected with your Microsoft 365 or Google Workspace tenant was last used for each of your users.

Go to Explore > Third-party integrations and then select the integration. In the integration details pane, select Consented by and then review the Last used column.

Integration - consented by - release notes March 2023

With this data, you can more easily find dormant integrations that can be removed without impacting your employees so that you can reduce your SaaS attack surface.

This information is also just generally helpful as you discover which integrations are being actively used in your organization.

Expanded visibility into whether employees are using MFA

Push already provides visibility into whether employees are using MFA for your primary work platform (Google Workspace or Microsoft 365). We’re now expanding that capability to other SaaS apps. This new capability is provided by our browser extension and can be used to detect MFA usage whether or not the SaaS platform provides an API, allowing us to expand our coverage to virtually any SaaS app.

You can see MFA usage data on the Account security page in the Push admin console.

Check the Supported SaaS page to see where the Push browser extension offers MFA detection. We’re starting with support for high-value apps first, such as administrator tools, and expanding from there.

Find passwords exposed in a data breach and enhance password hygiene checks with a custom restricted words list

Push now connects to the Have I Been Pwned API to check whether employee passwords match those exposed in data breaches. If a match is found, Push can send a ChatOps message to the employee to ask them to change their password. Learn more about how it works in this help article.

To further customize what counts as a weak password, you can also configure a custom list of terms that Push will look for when completing password hygiene checks — such as company or team names, or other commonly used words at your organization that would be easy to guess. Learn more about creating a custom restricted words list in this help article.

Custom word list - release notes March 2023

Better at-a-glance reporting for employee account security

Check out the new Account security page in the Push admin console to see an overview of MFA adoption and password security findings for your employees. The account security page combines the data previously available on the multi-factor authentication and password security pages in the admin console.

Click on an employee to see an improved presentation of Push’s security findings that puts account security issues into a single efficient view.

Account security page - docs - View SaaS apps & activity

Keep up with Push on our status page

Learn about scheduled maintenance or other time-sensitive events on the Push platform by subscribing to our status page. You can choose to receive notifications via email or directly in Slack by clicking Subscribe to updates.

Subscribe to get updates from Push
The latest news, articles, and resources, sent to your inbox