Password Alert, Google’s new form of defense against Phishing

9807517_sGoogle recently launched a new extension for the massively popular web browser, Chrome. This open source program called “Password Alert” is designed to prevent phishing attacks by warning users when they enter their Google login credentials on an illegitimate page. The source code for the software is available at GitHub and can be used by both home and business users. This tool is a response to a Google research which found phishing to be a potent attack vector.

Phishing, a powerful and pervasive threat

A combination of research and surveys conducted by Google and the University of California, San Diego has revealed that not only are phishing attacks very common, they are also very successful. According to the findings:

The statistics clearly depict that the threats posed by phishing are extensive. Password Alert is Google’s response to these threats. Fighting such a large scale threat requires universal tools but considering the popularity of both Chrome and Google accounts (almost everyone has one), a powerful software that prevents Google account information falling into the wrong hands can be very useful.

How Password Alert prevents Phishing

The extension Password Alert works by remembering a “scrambled version” of the user’s password. This data is securely stored and whenever the user attempts to enter the same password on a page that is not authorized by Google, the extension pops up a warning, as seen below.

Password Alert, source -http://googleonlinesecurity.blogspot.co.uk/

This way several Phishing attempts can be thwarted. The tool also encourages users to use different passwords for different sites, which is a good security practice.

It is important to remember though, that this tool is designed only to protect your Google login information. Important credentials for banking websites, other email clients and services are still at risk. However, several people also use their Google accounts to log into other websites (many services allow that these days), in which case this browser extension can be very effective. It is already available and can be easily downloaded from the Chrome webstore.

Although we welcome the use of this great tool by Google, it is still advisable to enter any login information with caution, and use solid web protection.

Have a nice (phishing-free) day!

 

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

 

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next