Many people take online security seriously (we recommend using 2 factor authentication everywhere you can), but there are those that for whatever reason still use just a standard password for everything. Lots more people, including the security-minded also use the ‘sign in with google’ or ‘sign in with facebook’ options many websites offer to make sign-in easier.
Unfortunately, there are people out there who would rather make a quick buck stealing personal information and one of those ways is to create a website that looks similar to another popular website, yet uses their own login scheme designed to look like Google’s or Facebook’s. Today, Google has helped put a stop to this type of phishing attack with the release of a new Chrome extension, called Password Alert.
The extension works by comparing a hashed copy of your Google password to any character your input into the browser. If it finds you’ve entered your password to a non-Google site, you will be sent to a warning page. Of course, some people use the same password for every account (not recommended either), so these people might also get a warning from time to time.
Since this extension only uses a hashed copy of your Google Password, your actual password is never exposed and there is no increased risk involved. Those using a Google for Work account can also make the service mandatory across their domain, sending the admins alerts along side the user. The down size to Password Alert is that it can only scan a password that’s already been submitted, so the alert will only be displayed or sent after they’ve been phished — checking earlier would open a bigger security hole, but still a late warning is better than no warning.