How does Push determine if an employee is using a password manager?

Push can observe whether someone is manually typing their passwords into password entry fields via the Push browser extension. This is a high-fidelity signal that they are not using a password manager to autofill their passwords.

For a given employee, Push checks whether a password was manually typed for 4 out of the last 5 observed logins. If so, a finding is created for that employee. You can see this type of finding on the Employees page by using the filter and then selecting Findings and the finding type of Password manager not in use.

If you've enabled the security team ChatOps topic for Security findings related to password manager use, you'll also get a notification about the finding.

At the account level, you'll be able to see a keyboard icon on the account details pane and a tooltip label of Password was manually typed for that account.

You’ll see a badge icon and a tooltip label of Password manager used if the extension detects that a password was not manually entered.

The badge or the keyboard icon is set by the last observed login for that account.

Note: If someone copies and pastes a password into an entry field, the browser extension is not able to distinguish this behavior from the use of a password manager (or any other autofill method), and the Push admin console will also label that usage as Password manager used.
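
The rules described above (the 4-out-of-5 finding, the per-account label set by the last observed login, and pasted passwords being labeled as password manager use) can be modeled as follows. This is an added example, not Push's own code. The Login record, the entry labels and the sample data are constructed, and it assumes "4 out of the last 5" means at least 4 and that no finding is raised before 5 logins have been observed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW = 5     # "last 5 observed logins" (from the page)
THRESHOLD = 4  # "manually typed for 4" of them; read here as "at least 4" (assumption)

@dataclass(frozen=True)
class Login:
    employee: str
    account: str
    entry: str  # constructed labels: "typed", "autofill" or "paste"

def manually_typed(login):
    # Per the note above, a paste is indistinguishable from autofill,
    # so only "typed" counts as manual entry.
    return login.entry == "typed"

def evaluate(logins):
    """Take logins in chronological order; return (employees with a finding, account labels)."""
    recent = defaultdict(lambda: deque(maxlen=WINDOW))
    labels = {}
    for login in logins:
        typed = manually_typed(login)
        recent[login.employee].append(typed)
        # The account label follows the last observed login for that account.
        labels[(login.employee, login.account)] = (
            "Password was manually typed" if typed else "Password manager used")
    # Assumption: no finding until a full window of 5 logins has been observed.
    findings = {e for e, w in recent.items() if len(w) == WINDOW and sum(w) >= THRESHOLD}
    return findings, labels

def _logins(employee, *pairs):
    return [Login(employee, account, entry) for account, entry in pairs]

# Constructed sample observations, oldest first.
SAMPLE = (
    _logins("alice", ("crm", "typed"), ("mail", "typed"), ("crm", "autofill"),
            ("mail", "typed"), ("crm", "typed"), ("mail", "typed"))
    + _logins("bob", ("wiki", "typed"), ("wiki", "typed"), ("wiki", "typed"),
              ("wiki", "paste"), ("wiki", "paste"))
    + _logins("carol", ("hr", "typed"), ("hr", "typed"), ("hr", "typed"), ("hr", "typed"))
)

if __name__ == "__main__":
    findings, labels = evaluate(SAMPLE)
    print("Password manager not in use:", sorted(findings))
    for key, label in sorted(labels.items()):
        print(key, "->", label)
```

In the sample, bob's two pasted logins keep him under the threshold and leave his account labeled Password manager used, which is the blind spot the note describes.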