Password Alert: Google’s New Chrome Extension to Protect Against Phishing Attacks

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Today, security engineers at Google announced the release of a new browser extension aimed to help users better protect their Google accounts against phishing attacks.

Known as Password Alert, the free, open-source Chrome extension works by alerting users when they enter their passwords into any non-Google site.

“Once you’ve installed and initialized Password Alert, Chrome will remember a ‘scrambled’ version of your Google Account password,” read the Google blog post.

If a user types the same Google password into a site that isn’t a Google sign-in page, the extension will generate a notice, alerting the user to reset his or her password or simply ignore the message.

phishing_caught-800x450.png


“This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice,” wrote Drew Hintz, Google Security Engineer and Justin Kosslyn at Google Ideas.

The extension is also available for Google for Work users, including Google Apps and Drive for Work.

Hintz and Kosslyn added this feature would help spot malicious attackers attempting to access employee accounts. Administrators can install the extension for all users in their domain, and enable password alert auditing, send email alerts, and force end-users to change their Google password if entered into a non-trusted website.

Read more: http://www.tripwire.com/state-of-se...xtension-to-protect-against-phishing-attacks/
 

Paulky

Level 1
Verified
Apr 27, 2015
19
Different passwords for different sites.Users do not like it.
 
Last edited by a moderator:

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Another alternative to this is just to use lastpass and enable the checkbox that says notify when keying in credentials into insecure login, I think most phishing sites would fail the test and the user would get notified before their credentials are even sent into the phishing site's database. Prevention is better than cure!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top