On Wednesday, Google has announced the release of a new Chrome browser extension "Password Alert" designed to protect its users from phishing attacks. This is free and open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Normally Phishing login page is fairly like standard login page, but it’s not. If you type your password here, attackers could steal it and gain access to your Google Account—and you may not even know it.
This is a common and dangerous trap and the most effective phishing attacks can succeed 45 percent of the time, nearly 2 percent of messages to Gmail are designed to trick people into giving up their passwords, and various services across the web send millions upon millions of phishing emails, every day.
Once you’ve installed and initialized Password Alert, Chrome will remember a “scrambled” version of your Google Account password.
It only remembers this information for security purposes and doesn’t share it with anyone. If you type your password into a site that isn't a Google sign-in page, Password Alert will show you a notice like the one below. This alert will tell you that you’re at risk of being phished so you can update your password and protect yourself.
Password Alert is also available to Google for Work customers, including Google Apps and Drive for Work. Your administrator can install Password Alert for everyone in the domains they manage, and receive alerts when Password Alert detects a possible problem.
This can help spot malicious attackers trying to break into employee accounts and also reduce password reuse.
Password Alert Server Requirements
You’ll need the following items before you install Password Alert:
- Google Apps for Work — You'll need to be able to use Chrome App Management and the Google Admin SDK. You'll use these services to deploy the extension and to force password resets.
- Google App Engine — You need experience installing Google App Engine applications. The Password Alert Server application will need to be hosted on the Google App Engine.
- Access to github — You’ll need to be able to access github to acquire the Password Alert pre-built Server application files. You can also choose to compile and view the source code.
- Access to the Chrome Web Store — You’ll need to be able to access the Chrome Web Store to install the Password Alert Chrome extension.
