Tech giant Google recently launch a new extension for its Chrome browser that notifies user if they have mistakenly logged into phishing sites that aims to steal Google account passwords.
Password Alert, according to the company's official blog, is"a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts." Google Chrome users can install it from the Chrome Web Store.
Once installed and is running, it will ask users to log into their Google account and a "scrambled" or encrypted version of the user's password will be remember by Chrome for security purposes. If ever you typed in your password in a fake Google sign-in page, a notification page will appear telling users about what happened and to immediately reset the password.
It also advises users to practice the habit of changing passwords regularly and to not reuse passwords.
Administrators of Google for Work will find the new extension a great help in terms of monitoring accounts by installing it in the domains under their watch. The extension will notify administrators if attackers are trying to break into any of its employee accounts.
Google security engineer Drew Hintz reported that effective phishing attacks have a almost 50% success rate. In addition, about 2% of phishing attacks through Gmail are in the form of messages designed to deceive people to give their password unknowingly and are sent by the millions on a daily basis.
Hintz said that phishing attacks are vulnerabilities that cannot be fixed by releasing patches. This is why Google implemented a version of the Password Alert Chrome extension within the company about three years ago. Seeing that it was effectively enough to block phishing attacks, Google decided to make a version which is offered to Chrome users.
Upcoming version of Password Alert will go beyond Google accounts and include anti-phishing features for financial accounts, according to Wired.
While Password Alert is exclusively offered to Chrome browsers at the moment, developers can port it out to other web browsers since the open-source extension is already available on GitHub.
Just a few years ago, Google implemented its 2-step verification and Security Key tools to protect accounts. The former requires two independent factors for authentication - a password and a code - while the latter makes use of a FIDO Universal 2nd Factor (U2F) device that is plugged into a USB port.
