Browser Password Inspector

FAQ: Browser Password Inspector

Below are some commonly-asked questions about KnowBe4's Browser Password Inspector. If you don't see the answer you need, submit a ticket to our support team.

1. What permissions are required to run the BPI?

The Browser Password Inspector requires administrative rights on the local machine and will ask for the Active Directory credentials of the Domain admin user.

2. How does it work?

BPI deploys agents to target machines using file sharing and Service Control Manager on those machines. These agents check if Chrome, Firefox, or new versions of Edge are installed and attempt to retrieve the relevant password information saved by the browsers. If the agents succeed, they encrypt the results and pass them to BPI. That data is collected and presented by BPI on the results page or the downloadable PDF report.

At this time, BPI is not compatible with Microsoft Entra ID.

3. How are the terms weak, reused, and discrete being defined in BPI?

The table below provides definitions for the following terms:

Terms Definition
Weak Passwords A password that is currently present in different password databases publicly available on the Internet.
Reused Passwords A password, either weak or strong, that is being used to log on to more than one website.
Discrete Passwords A password that is individually distinct and consists of unconnected elements. These passwords are used for one website only.

4. How are the passwords determined to be weak?

BPI includes a database of more than 1.7 billion passwords collected from public resources. These passwords are often used by hackers to try to access computers.

5. Can I see what my users used as their password?

No. The passwords are hashed and cannot be displayed.

6. Why are only certain computers showing up in my list of computers?

If you do not see a certain computer, it could be because that computer is not in your Active Directory tree or the account performing the scan does not have the necessary permissions to retrieve the computer information from the target domain.

7. What does The network path was not found error message mean?

This error message means that the machine is offline, file and printer sharing is not enabled on the machine, the machine is unable to be reached from the system that BPI is installed on, or the reverse DNS call to the machine isn't working.

8. How long does it take for the test to finish?

On average, BPI takes under a minute to finish running the test. The time that it takes for the test to finish depends on the number of machines and user profiles that exist on each machine.

9. When can we see this work on Macs?

Currently there are no plans to support computers running on Mac OS.

10. Can you recommend a password manager?

KnowBe4 does not recommend software. However, there are several reputable providers and sites that offer opinions from other IT Professionals on the matter.

11. Does BPI keep files on my machines after the test is complete?

BPI deploys software agents to the targeted machines to complete its testing. The agents are installed before the scan and removed after the scan is complete, so they don't remain on the machines.

Can't find what you're looking for?

Contact Support