‘Password Alert’ Google develops its own Chrome extension to tackle phishing attacks
No matter how cultured your security is, the biggest danger is always the same: users submitting their passwords by clicking the wrong links to the wrong websites. It is an awkward problem to solve, but Google has come up with a new concept to tackle it. Today, the company is announcing a new Chrome extension called Password Alert, created to serve as an early warning system against phishing attacks. “Phishing should be a real concern for everyone — journalists, activists, companies, or individuals,” says Justin Kosslyn, a product manager at Google Ideas. “This is a useful and quiet line of defense against a real challenge.”
/cdn0.vox-cdn.com/uploads/chorus_asset/file/3653462/phishing_caught.0.png "'Password Alert' Google develops its own Chrome extension to tackle phishing attacks")
The extension works by examining a hashed version of your password in contrast to any string of characters you key into the browser. For example, you have entered your Google password in an non-Google website, it will redirect you to a warning page, indicating that something has gone wrong. (The user may also be using their Google password for more than one account, which may be a lesser security risk, but it will still remain a problem). Since Password Alert only keeps the hashed version of your password, it can carry out the check without revealing your actual password at any extra risk. Anyone managing a Google for Work account can also make Password Alert compulsory across their domain. The moment the employee gets an notification, the administrator will be simultaneously alerted of the same.
The biggest drawback is that Password Alert scans a password only after it is successfully submitted. As a result, the user will only be notified after the password has been successfully phished. (If it ran the scan any earlier, it would be logging everything you inputted into your computer, an even bigger security risk). Even then, a late alert will give users time to change their passwords and shut down their accounts. It should be easy to change password for the users with two-factor validation before the hackers can make use of it.
Password Alert could also help strengthen the security outside of Google accounts. The current extension is made to combine with Google’s password system; however, since the code is open source, it makes it easy to adjust the code to other systems. “We hope that the open-source scales Password Alert to provide additional security to internet users,” says Kosslyn. “Today’s launch is just a starting point.”
If you think Password Alert is the extension for you, you can download it here.
