How does the Push browser extension work?

The Push browser extension helps you protect against identity-based attacks in the cloud by detecting and blocking techniques that target employees in the browser, and giving you a full accounting of the security posture of your workforce accounts, including the apps being used across the business.

Once installed on employee browsers, the Push extension looks for logins to cloud apps that use your specified company domains (e.g. employee@example.com) or that use any domain, depending on the domain monitoring settings you configured in the Push admin console.

You'll see discovered apps and security findings populate the Push admin console as the extension observes real-time logins.

The Push extension analyzes the security of an account by performing checks for stolen, leaked, shared, reused or weak passwords; MFA usage and MFA method; capturing the login method (password, SAML, or OIDC); and others.

The extension does not store passwords or send them anywhere. It is able to perform security checks on passwords by generating a SHA256 partial hash that is salted, stored locally, and used for comparisons. These salted partial hashes are known as fingerprints.

For more details about how the Push extension securely analyzes passwords, refer to this related help article.

By collecting this data, you are able to see:

• Which apps your employees are logging into using usernames and passwords, SAML, OIDC, etc.

• Whether they are using strong passwords.

• Whether they are reusing passwords between accounts.

• Whether employees are sharing account credentials.

• Whether your employees are using passwords that have been exposed in a data breach or are actively for sale on criminal forums.

• Whether employees are using a password manager, and which one

• Whether employees have registered for MFA.

In addition, you can configure a list of custom terms to restrict from use in passwords, such as common company or team names that are easily guessable.

The browser extension also powers Push's security controls, including AiTM phishing prevention and SSO password protection.

Once installed, the extension sits in the background of your employees’ browsers and collects information about the apps they log into.

Learn more about the data that the Push extension collects in our documentation.

The browser extension can monitor logins to commonly used work apps based on your company email domain(s) or it can monitor all email domains an employee might use. Configure your preferred domains on the Settings page of the Push admin console.

The extension can also detect company domain logins to apps that Push may not recognize as work apps. These apps will appear in a separate list called "Other apps" in the admin console.

When new versions of the Push browser extension are released, it automatically updates without any action required of you or your employees.