Google have just released a new extension called ‘Password Alert’. The aim of the addon is to prevent phishing attacks against your Google account, it will ensure that you only login to your Google account from the accounts.google.com site.
Installing the addon is dead simple, just head over to the Chrome Web Store and install the extension. Once it is installed you will be prompted to login, from then on it will make sure you don’t try to login where you shouldn’t.
It’s unclear why Google hasn’t built this functionality directly into Chrome or whether they have it planned for a future release. Until the time comes that it is integrated into Chrome it won’t hurt to install this addon.
A practice that you will have heard repeated over and over is that you should use a different password for different sites. With this addon Google will make you change your Google password if it notices you use the same login details on other sites, even if they’re legit.
The Password Alert addon stores a scrambled version of your password. To keep the password secure it doesn’t share it with anyone or other applications.
If you were to enter you account details on a fake site or a site where you use the same login as your Google account you receive the following message: “Reset your Gmail password Your Gmail password was just exposed to a non-Gmail login page. You should immediately reset your password to keep your Gmail account secure. Also, please make sure your Gmail password is not reused on other services.” The message is followed by two buttons, one to go reset your password and another to ignore the warning.
Password Alert is also available to customers of Google for Work. Administrators can install the addon on the domains they operate and whenever their users enter their details on a potentially fake site the admins will get notified to try and prevent a malicious attack.
In future versions of this addon Google plans to allows you to monitor other passwords you use on other sites. Hopefully this plugin will also be released across other browsers as too many people, novices and experts alike, fall victim to phishing attacks.