Can Push identify which password managers employees are using?

Yes. The Push browser extension identifies whether someone is manually typing their passwords into password entry fields or using a password manager, and which one.

By understanding password manager usage in your environment, you can ensure that employees are storing corporate credentials only in approved solutions.

How does it work?

The Push browser extension observes when text is entered into password entry fields and identifies whether a password is manually typed or entered by a password manager. Push is able to fingerprint commonly used password managers to identify which one was used for a particular login.

The Push admin console then displays the results on the Accounts page. Open the slideout for an account and check the icon shown for the most recent login to that account.


If a password manager was detected for the most recent login, Push will display the icon for the password manager that was observed. If a password was manually pasted, the icon and tooltip will note that, too. Finally, if Push could not identify the password manager but the password was still entered using a password manager, the icon and tooltip will reflect that.

From the Accounts page, you can filter by password managers to identify which accounts use which password manager.


Which password managers can Push detect?

Push can detect the use of the following password managers:

  • Chrome’s built-in password manager

  • Firefox’s built-in password manager

  • Edge’s built-in password manager

  • Safari’s built-in password manager

  • Opera’s built-in password manager

  • Brave’s built-in password manager

  • Arc’s built-in password manager

  • Bitwarden

  • LastPass

  • Dashlane

  • Okta SWA

  • 1Password

  • Keeper Security

Push can also detect when a password was copy-pasted from an external application, noted as a Clipboard paste in the admin console. If Push observes a password manager in use but cannot identify it, the account slideout will show Unknown password manager.

You can opt to receive notifications when Push observes employees who are not using a password manager by enabling the security team ChatOps topic for Security findings > Password manager not in use. Note that for the purposes of raising a ChatOps notification, Push will treat a Clipboard paste as a password manager because many password managers support copy-pasting from a vault.

You can also receive webhook events for login activity observed by Push, which include details on password manager usage.
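
An added sketch, not Push's code, of the kind of classification described under "How does it work?" combined with the ChatOps rule above: it labels a password entry from a recorded event trace and decides whether a "Password manager not in use" finding would be raised. The event-record shape, the heuristics, the function names and the sample traces are assumptions; identifying which password manager was used is out of scope.

```javascript
// Added illustration, not Push's code. Records mirror DOM event fields
// (type, inputType, isTrusted); the heuristics are assumptions.

// Label how a password field was filled, given the events seen on it.
function classifyEntry(events) {
  const inputs = events.filter(e => e.type === "input");
  if (inputs.length === 0) return "No entry";
  // Assumption: a programmatic or autofill write shows up as an input event
  // that is untrusted (script-dispatched) or carries no inputType.
  if (inputs.some(e => !e.isTrusted || !e.inputType)) return "Unknown password manager";
  if (inputs.some(e => e.inputType === "insertFromPaste")) return "Clipboard paste";
  // Typing: every inserted character is backed by a trusted keydown.
  const inserts = inputs.filter(e => e.inputType === "insertText").length;
  const keydowns = events.filter(e => e.type === "keydown" && e.isTrusted).length;
  return inserts > 0 && keydowns >= inserts ? "Manually typed" : "Unknown password manager";
}

// Rule from the article: for notifications, a Clipboard paste counts as
// password manager use, so only manual typing raises the finding.
function raisesNotInUse(label) {
  return label === "Manually typed";
}

// Constructed trace helper: n keystrokes, each a keydown plus an input event.
const typedTrace = n => Array.from({ length: n }, () => [
  { type: "keydown", isTrusted: true },
  { type: "input", inputType: "insertText", isTrusted: true },
]).flat();

// Constructed sample logins (accounts and traces are made up).
const SAMPLE_LOGINS = [
  { account: "alice@example.com", events: typedTrace(12) },
  { account: "bob@example.com", events: [
    { type: "paste", isTrusted: true },
    { type: "input", inputType: "insertFromPaste", isTrusted: true }] },
  { account: "carol@example.com", events: [{ type: "input", isTrusted: true }] },
  { account: "dave@example.com", events: [{ type: "input", isTrusted: false }] },
];

// Accounts for which a "Password manager not in use" finding would be raised.
function accountsToNotify(logins) {
  return logins.filter(l => raisesNotInUse(classifyEntry(l.events))).map(l => l.account);
}

console.log(SAMPLE_LOGINS.map(l => [l.account, classifyEntry(l.events)]));
```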