Password Alert: official Google Chrome extension to protect against phishing - gHacks Tech News

Password Alert: official Google Chrome extension to protect against phishing

Google has just released Password Alert, a browser extension for the company's Chrome browser that helps protect against phishing attacks targeting Google accounts.

Phishing, attacks aimed at stealing information such as login data or credit card information from Internet users, is a huge problem on the Internet.

Companies like Google have added security features to their services to improve the overall protection of accounts and make it harder for attackers to steal and use account related information.

Those methods are optional most of the time though. You can enable two-step authentication for instance for your Google account which adds another layer of protection during sign in.

Password Alert is another attempt to improve protection against phishing attacks. The extension warns users who have it installed if they have entered login related data on fake Google sign-in pages.

This is done by scanning pages with Google sign-in forms to find out if they are legitimate or not. One way of finding that out is whether you are entering the data on accounts.google.com or a third-party site.

If the latter is the case, the warning is displayed.

password alert google

If you do enter the password and proceeded with the sign in, you get a notification that informs you that your password was exposed on a non-Google login page.

Google recommends to reset the password in this case to keep the account secure. There is an option to do so right when the prompt is displayed. Alternatively, you can select to ignore the warning this time which may be useful if the service is legitimate.

To get started, you need to sign in to your Google account after installing the extension. Password Alert saves a hash of the file which it then compares to passwords that you enter on all sites that you sign in but on accounts.google.com.

This is done to find out if the Google account password was entered. If that is the case, the warning is displayed.

Note: If you use the same password on multiple accounts you will get the warning even if you sign in with a non-Google account.

Password Alert works for home users and Google Apps for Work users. The Google Apps administrator needs to deploy Password Alert across domains using Chrome policies though before it becomes available.

To use Password Alert, the password needs to have a length of at least eight characters.

Google Chrome ships with Safe Browsing which blocks known phishing sites in the browser. Password Alert adds another level of protection to Chrome as it informs you about potential attacks even if the phishing site you just visited is not in the Safe Browsing database. This is usually the case when it is too new and has not yet been reported or analyzed.

Verdict

There are other ways to make sure you enter passwords only on the right sites. A password manager for instance can ensure that as it will fill out login forms only on the right site.

You may also be able to detect phishing attacks by checking urls before you start to enter any data on sites. While that may not be 100% accurate as there are attack forms such as hacked sites, it is usually a good indicator.

If you are a Chrome user and use Google services regularly, then you may find Password Alert useful as an extra layer of protection. (via Caschy)

Update: It took security researches less than a day to come up with a method to bypass the protection that Password Alert provides.

Summary
software image
Author Rating
1star1stargraygraygray
no rating based on 0 votes
Software Name
Password Alert
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Bobby Phoenix said on April 29, 2015 at 2:42 pm
    Reply

    Am I missing where the link is to the extension?

    1. Martin Brinkmann said on April 29, 2015 at 2:52 pm
      Reply

      In the summary box after the article.

  2. Donetta said on April 30, 2015 at 12:18 am
    Reply

    Look, for some reason I forgot my password to my Facebook account. And it can’t send me a code with out it. Please help!

  3. Kervin Vergara said on April 30, 2015 at 4:28 pm
    Reply

    Greetings! Why I don’t see the blog images?

    1. Martin Brinkmann said on April 30, 2015 at 5:24 pm
      Reply

      If you are using HTTPS Everywhere, turn off Ghacks with a click on its icon.

  4. DVD Rambo said on May 1, 2015 at 2:42 pm
    Reply

    Version 1.4 was released that patches a vulnerability in version 1.2 that removed the helpful warning after 5 ms, so you never see it. If you installed Password Alert already, check the version that you have in Chrome and update if needed.

    1. DVD Rambo said on May 1, 2015 at 7:18 pm
      Reply

      Version 1.4 was hacked with only three lines of code, and quickly. I’m deleting this extension as it appears to be of no value at this time.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.