Password Alert, Google’s new form of defense against Phishing

9807517_sGoogle recently launched a new extension for the massively popular web browser, Chrome. This open source program called “Password Alert” is designed to prevent phishing attacks by warning users when they enter their Google login credentials on an illegitimate page. The source code for the software is available at GitHub and can be used by both home and business users. This tool is a response to a Google research which found phishing to be a potent attack vector.

Phishing, a powerful and pervasive threat

A combination of research and surveys conducted by Google and the University of California, San Diego has revealed that not only are phishing attacks very common, they are also very successful. According to the findings:

  • The most effective phishing attacks have a success rate of 45 percent!
  • 2 percent of all Gmail messages are traps that attempt to make users spill out their passwords.
  • There are also millions of scam and phishing emails being sent every single day.

The statistics clearly depict that the threats posed by phishing are extensive. Password Alert is Google’s response to these threats. Fighting such a large scale threat requires universal tools but considering the popularity of both Chrome and Google accounts (almost everyone has one), a powerful software that prevents Google account information falling into the wrong hands can be very useful.

How Password Alert prevents Phishing

The extension Password Alert works by remembering a “scrambled version” of the user’s password. This data is securely stored and whenever the user attempts to enter the same password on a page that is not authorized by Google, the extension pops up a warning, as seen below.

Password Alert, source -http://googleonlinesecurity.blogspot.co.uk/

This way several Phishing attempts can be thwarted. The tool also encourages users to use different passwords for different sites, which is a good security practice.

It is important to remember though, that this tool is designed only to protect your Google login information. Important credentials for banking websites, other email clients and services are still at risk. However, several people also use their Google accounts to log into other websites (many services allow that these days), in which case this browser extension can be very effective. It is already available and can be easily downloaded from the Chrome webstore.

Although we welcome the use of this great tool by Google, it is still advisable to enter any login information with caution, and use solid web protection.

Have a nice (phishing-free) day!