What is the Push browser extension and what does it do? (For admins)

Why do I need to install the browser extension?

The Push browser extension gives you visibility of what SaaS platforms your employees are accessing via their browser and how securely they are interacting with them. 

By collecting this data you are able to see via the Push platform:

  • What SaaS platforms your employees are logging into using usernames and passwords.

  • Whether they are using strong passwords and a password manager.

  • Whether they are sharing passwords between SaaS accounts.

In the future, you will be able to see:

  • Whether they are using MFA.

  • Whether your employees are entering their SaaS account credentials into a spoof phishing website.

  • Whether they are using the most up-to-date version of their browser.

Based on the information the Push browser extension collects, you can identify security issues that present a risk to your business and guide your employees to fix them using the ChatOps feature.

How does the browser extension work?

Once installed, the extension sits in the background of your employees’ browsers and collects the following data:

Browser information:

  • The name of the browser.

  • The version of the browser.

  • The OS name.

  • The version of the Push browser extension installed.

When logins occur into SaaS applications using corporate accounts, the following is collected:

  • The platform URL.

  • The account username.

  • A shortened salted hash of the password is stored locally in the browser - but not sent anywhere.

  • If the password is shared with any other accounts by the user. This check is performed locally within the browser and no comparisons are done server-side.

  • Whether the password was entered manually or auto-filled/pasted.

When an employee is on a Microsoft or Google app integration page (OAuth integration):

  • The platform the app was observed on.

  • The app identifier.

  • The grant type requested.

  • The reply URL.

  • The scopes requested.

The browser extension collects anonymized performance and error tracking data using Sentry.

Here are some examples of how the browser extension collects data:

Browser data:

{
    "browserId":"d732c61e-35ea-3bdf-27cd-d37a3fadf6f9",
    "checkinDetails":{
        "browserName":"CHROME",
        "browserVersion":"100.0.4896.75",
        "operatingSystemName":"MACOS",
        "extensionVersion":"1.4.16"
    }
}

Login data:

{
    "browserId":"d732c61e-35ea-3bdf-27cd-d37a3fadf6f9",
    "platform":"TRELLO",
    "username":"person@company.com",
    "weakPassword":true,
    "passwordChanged":false,
    "passwordManuallyTyped":false,
    "trackedAccounts":[
        {
            "username":"person@company.com",
            "platform":"GITHUB",
            "lastLogin":"2022-03-17T14:25:55.000Z",
            "samePassword":false
        },
        {
            "username":"person@company.com",
            "platform":"GOOGLE_WORKSPACE",
            "lastLogin":"2022-04-04T07:49:00.000Z",
            "samePassword":true
        },
    ]
}

Privacy and security 

The browser extension is configured to only monitor logins into work applications where your employees are using their work email address. Logins using personal email addresses are not monitored by the browser extension.

If your employees want to ensure even further privacy, they can create a separate work profile in their browser and install the extension there. This allows them to separate their browsing for work and personal use. The extension will never send their passwords anywhere.

For more details about how the Push extension securely tracks reused passwords, refer to this related knowledge article.

Version updates 

When new versions of the Push browser extension are released, it is automatically updated without any actions being required of you or your employees.