To improve credential sharing security, team administrators will want to prevent team members from saving shared credentials in their browser and logging into websites using http instead of https.  The Authomate browser extensions for Chrome and IE can check if password saving is enabled in the browser.  The Firefox and Safari browser extensions can only check the setting if the Authomate Agent is installed. 


Two options are provided to improve browser security with StrongPass. These options can be found in the Browser Extensions section on the Team Settings page. The first option defines the behavior when password saving is enabled in the browser.  The second defines whether to allow team members to use StrongPass when the login page is HTTP instead of HTTPS.  The Browser Extension will check both options when deciding whether or not StrongPass can be used to log in.




The Password Saving and HTTP Sites Options




Password Saving Options:


Block All will prevent team members from using StrongPass with any account credentials when password saving is enabled.


Block Use-Only will prevent team members from using StrongPass with credentials that have been assigned to them with Use-Only Permission when password saving is enabled in the browser. They may use StrongPass with their own credentials or credentials that have been shared with Full Permission as long as the HTTP Sites option also allows access.

Block None means the Browser Extension does not prevent team members from using StrongPass when password saving is enabled in the browser. They can use StrongPass with any credentials, regardless of whether password saving is enabled, as long as the HTTP Sites option also allows access.


HTTP Sites Options:


Block All will prevent team members from using StrongPass with any account credentials when an insecure site is being used (i.e. HTTP instead of HTTPS). 


Block Use-Only will prevent team members from using StrongPass with credentials that have been assigned to them with Use-Only Permission when an insecure site is being used (i.e. HTTP instead of HTTPS). They may use StrongPass with their
own credentials or credentials that have been shared with Full Permission as long as the Password Saving option also allows access.


Block None means the Browser Extension does not prevent team members from using StrongPass with HTTP login pages. They can use StrongPass with any credentials on HTTP login pages as long as the Password Saving option also allows access.


Safari and Firefox are dependent on the Authomate Agent to support the Browser Saving feature, if the agent is not installed, or it's too old to support this feature, then password saving is assumed to be enabled, and a warning message will be displayed until the Authomate Agent is installed or updated.