ChatOps topic guide: Password issues
Use ChatOps to message employees when Push finds a weak or reused password.
What kind of messages are sent?
Push will message an employee when we find a weak password or one that's reused across more than one SaaS application. Here’s an example message:
If Push later observes a login where the issue has been resolved, the chatbot will send a second message to confirm that everything is fixed:
Who will be messaged?
Push will only send ChatOps messages to employees where ChatOps has been activated. You can activate ChatOps for employees from the Employees page or the ChatOps page in the admin console.
If the Push browser extension observes a login to a SaaS app with either a weak password or one that is reused, the chatbot will message the employee and ask them to update their password for the specific application.
When will they be messaged?
Push will immediately message employees after observing a login with a password security issue. When you first enable the chat topic, Push will also message employees about recently observed password security issues. Issues older than 30 days will not trigger a message until Push observes the next login to those applications.
If an employee isn’t ready to take action on the suggestion, they can choose to be reminded again in a month.
When is a password issue considered to be resolved?
The Push browser extension must observe a subsequent login to an app in order to confirm that a changed password is no longer weak or reused. If an app doesn't prompt users to re-authenticate very often, a weak password finding might stay open in the Push platform until the next time the employee logs in.