Snowflake: Three practical takeaways // Register Now

Ready to help

How does Push determine if an employee is using a password manager?

Push can observe whether someone is manually typing their passwords into password entry fields via the Push browser extension. This is a high-fidelity signal that they are not using a password manager to autofill their passwords.

For a given employee, Push checks whether a password was manually typed for 4 out of the last 5 observed logins. If so, a finding is created for that employee. You can see this type of finding on the Employees page by using the filter and then selecting Findings and the finding type of Password manager not in use.

Password manager Findings filter - KB 10085

If you've enabled the security team ChatOps topic for Security findings related to password manager use, you'll also get a notification about the finding.

At the account level, you'll be able to see a keyboard icon on the account details pane and a tooltip label of Password was manually typed for that account.

Password manually typed - KB 10085

You’ll see a badge icon and a tooltip label of Password manager used if the extension detects that a password was not manually entered.

The badge or the keyboard icon is set by the last observed login for that account.

Password manager used icon on account details pane - KB 10085

Note: If someone copy and pastes a password into an entry field, the browser extension is not able to distinguish this behavior from the use of a password manager (or any other autofill method), and the Push admin console will also label that usage as Password manager used.