Today, security engineers at Google announced the release of a new browser extension aimed to help users better protect their Google accounts against phishing attacks. Known as Password Alert, the free, open-source Chrome extension works by alerting users when they enter their passwords into any non-Google site. “Once you’ve installed and initialized Password Alert, Chrome will remember a ‘scrambled’ version of your Google Account password,” read the Google blog post. If a user types the same Google password into a site that isn’t a Google sign-in page, the extension will generate a notice, alerting the user to reset his or her password or simply ignore the message.
“This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice,” wrote Drew Hintz, Google Security Engineer and Justin Kosslyn at Google Ideas. The extension is also available for Google for Work users, including Google Apps and Drive for Work. Hintz and Kosslyn added this feature would help spot malicious attackers attempting to access employee accounts. Administrators can install the extension for all users in their domain, and enable password alert auditing, send email alerts, and force end-users to change their Google password if entered into a non-trusted website. The release of the tech giant’s new plugin comes after findings from multiple studies demonstrating phishing continues to be leveraged as a tried-and-true tactic for attackers to gain unauthorized access. As Google noted:
- The most effective phishing attacks can succeed 45 percent of the time, and
- Nearly 2 percent of messages to Gmail are designed to trick people into giving up their passwords;
- Various services across the web send millions upon millions of phishing emails, every day.
You can install the Chrome extension from the Chrome Web Store, or to deploy it in your Google for Work enterprise, follow the deployment guide.
