Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Agent_Smith
Contributor

Password Keepers

The firewall is indicating that users are taking advantage of 1Password and Lastpass in the form of a browser plugin. How do I see if they are using them on personal sites or company urls. I want to prove if they are saving company passwords to personal password managers.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Not aware of a way to prove this from the network side of things. 
Having said that, controlling the browser plugins used by end users is something organizations typically do (e.g. allow only specific approved ones).

0 Kudos
the_rock
Legend
Legend

Do you have any log example you can attach? If yes, just blur out any sentisive data.

Andy

0 Kudos
Lesley
Mentor Mentor
Mentor

You cannot see this with a firewall. It would require HTTPS inspection and all the plain data to be readable for you. Then somehow collect this data what is inside this extension. 

From my point of view you should either block these types of extensions (can be done via GPO) or allow them. I would allow them and provide a tool managed by the company. Reason for that is, if a user is not allowed to use a password management tool the user will most likely write down the passwords on a piece of paper or put it in a plain text file on the desktop. Also it will force the user to use more easy passwords and reuse old passwords (just change 1 number and add up every reset). Last reason is that with a password tool a user is more likely to use a different password for different websites. Instead of 1 easy to remember password for all websites. 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

I was thinking maybe QUIC protocol, but probably not. Cant recall now if there are any browser logins that could be blocked via ssl inspection policy, but will check in the lab later.

Andy

0 Kudos
the_rock
Legend
Legend

I think this is actually really good response from AI copilot, but it involves harmony endpoint.

Andy

**************************

To monitor and prevent the use of corporate passwords on personal sites, you can use the Password Reuse Protection feature in Harmony Endpoint. This feature alerts users and logs incidents when corporate passwords are used on non-corporate domains. Here’s how you can set it up:

Steps to Configure Password Reuse Protection

  1. Access the Policy Settings:

    • Go to Policy > Threat Prevention > Policy Capabilities.
  2. Select the Rule:

    • Select the rule set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
  3. Navigate to Web & Files Protection:

    • In the Capabilities & Exclusions pane, select Web & Files Protection.
  4. Configure Credential Protection:

    • In the Web & Files Protection tab, scroll down to Credential Protection.
    • Under Password Reuse, select a mode:
      • Prevent mode: Blocks the user from entering the corporate password and opens the blocking page in a new tab. If you enable Allow users to dismiss the password reuse alert and access the website, then it allows the user to dismiss the blocking page and continue to enter the corporate password.
      • Detect mode: The system does not block the user from entering the corporate password. If a user enters the corporate password, it is captured in the Harmony Browse logs.
      • Off: Turns off password reuse protection.

Example Configuration

Prevent mode - Blocks the user from entering the corporate password and opens the blocking page in a new tab. If you enable Allow users to dismiss the password reuse alert and access the website, then it allows the user to dismiss the blocking page and continue to enter the corporate password.

Notes:

  • Detect mode: The system does not block the user from entering the corporate password. If a user enters the corporate password, it is captured in the Harmony Browse logs.
  • Off: Turns off password reuse protection.

Additional Information:

  • This feature is not supported with Safari and Internet Explorer browser extensions.
  • Ensure that the browser extension is installed and configured correctly for Chrome or Edge browsers.

By enabling and configuring the Password Reuse Protection feature, you can monitor and log incidents where corporate passwords are used on personal sites, helping you to prove if users are saving company passwords to personal password managers like 1Password and LastPass.

BE AWARE
Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events