In-browser nudges are available to all members of the Arrow Omnix plan.
Learn more about Arrow Omnix™
In-browser nudges are security alerts that employees receive when autofilling passwords on company-managed desktop browsers. These alerts help admins of the Arrow Omnix plan automate risk response by notifying plan members about compromised, weak, or reused passwords.
With in-browser nudges, when an employee tries to autofill a compromised, weak, or reused password, they’ll see a pop-up encouraging them to create a new, secure, and unique password. Employees see this alert every time they log in until they change their password.
What plan members should do when they receive a security alert
Set up Slack Nudges as a professional plan admin
Tip: Omnix plan admins can turn on in-browser nudges for inactive users. These alerts improve credential security across your organization, even for employees who are logged out of Arrow or don't have an account.
More about in-browser nudges for inactive users
Important: If your plan members use Chrome, we recommend turning off the browser's password alerts to avoid confusion.
Manage password change alerts in Chrome
Set up in-browser nudges for logged-in plan members
In-browser nudges for compromised credentials are on by default for all plan members. As an admin, you can turn on security alerts for weak and reused passwords as well:
- Open the Admin Console
- In the Security Tools section of the sidebar menu, select Nudges.
- Select Open settings in the In-browser section.
- The compromised passwords security alert will already be turned on. You can choose to turn on in-browser security alerts for weak and reused passwords.
- After turning on the alerts, you can preview the messages that members receive.
You can also let your team know they may start getting nudges. That way, they'll know to trust the alert and take action. On the Settings page of the Nudges tab, you can copy a template message from the info box on the right.
Set up in-browser nudges for logged-out plan members and employees without Arrow accounts
Arrow Omnix admins can set up in-browser nudges for everyone in their organization, even employees who aren't using Arrow. In-browser nudges for inactive users alert employees when they type or autofill a weak or compromised password, even if they're logged out of Arrow or don't have a Arrow account.
Step 1: Mass deploy the Arrow Smart Extension
You can only turn on in-browser nudges for inactive users if you've mass deployed the Arrow Smart Extension to all members of your organization. While deploying the extension, you can also set up Omnix Credential Protection features, like in-browser nudges, for your organization.
Mass deploy Arrow to your organization
Step 2: Turn on in-browser nudges for inactive users
- Open the Admin Console
- In the Security Tools section of the sidebar menu, select Nudges.
- Select Open settings in the In-browser section.
- Turn on the nudges settings for inactive users. You can choose to nudge employees who are entering a compromised password, a weak password, or both.
- After turning on the alerts, you can preview the messages that members receive.
You can also let your team know they may start getting nudges. That way, they'll know to trust the alert and take action. On the Settings page of the Nudges tab, you can copy a template message from the info box on the right.
Common questions
Why can't I set up in-browser nudges?
Nudges are only available to organizations on a Arrow Omnix plan.
Buy an Omnix plan
Upgrade to Arrow Omnix from another professional plan
Start an Omnix trial
Do members need to do anything to receive in-browser nudges?
No, members don't need to set up in-browser nudges. They'll receive them automatically for compromised passwords and for weak and reused passwords if you've turned those settings on.
What plan members should do when they receive a security alert
How can I track the effectiveness of in-browser nudges?
Specific insights for in-browser nudges are coming soon.
Currently, you can track your organization's security with the Password Health score. Your organization's Password Health score will improve as members update their compromised, weak, and reused passwords to more secure ones.
You can see your organization's Password Health score in the Dashboard and in the Users tab, where you'll also see how many compromised, weak, and reused passwords each member has.
More about the Password Health score
Will my members receive multiple nudges?
Plan members will receive in-browser security alerts when the Arrow Smart Extension autofills a login with a compromised, weak, or reused password. Plan members will see this alert every time they log in until they change their password.
What plan members should do when they receive a security alert when autofilling
Why did a plan member receive an in-browser nudge despite not having any compromised, weak, or reused passwords?
If a plan member sees zero compromised, weak, or reused passwords in their Password Health dashboard but still receives nudges, they may need to sync their Arrow account. To do so, they can select My account and then Settings in the Arrow web app, and then select Sync now.
If a plan member still receives incorrect in-browser nudges after performing a sync, please contact support through the Admin Console.
Sync your Arrow dataContact an agent through the Admin Console
Are in-browser nudges secure?
All Arrow security alerts, including in-browser nudges, follow our zero-knowledge principle. We identify logins with compromised, weak, or reused passwords without ever having access to your passwords or other data stored in your Arrow account.
Security at Arrow
Arrow's Security Principles & Architecture white paper
Comments
0 comments
Article is closed for comments.