Affiliate Disclosure: By buying the products we recommend, you help keep the lights on at MakeUseOf. Read more.
“Phishing” entered the Oxford English Dictionary in 2005, and for good reason: it’s a major online security nightmare that users should be well aware of. Check out these scary facts by Google:
- Phishing attacks succeed 45 percent of the time.
- Nearly 2 percent of Gmail messages are designed to trick people into giving up their passwords.
Earlier this year, even Google Docs was targeted in a massive phishing attack. That just goes to show the high-stakes war we have to fight with cybercriminals every day. You don’t know when you will be ambushed next. You need every tool at your disposal.
Google has a sophisticated security system that does its job behind the scenes, but there’s also an official Google extension that
could be should be another line of defense.
Password Alert is a quick install from the Chrome Web Store. After the installation, the open-source extension stands guard on your Google and Google Apps for Work Accounts (also Google Drive) and protects them from phishing attacks.
The extension validates an actual Google sign-in page. If you type your Google password into a site that isn’t a Google sign-in page, the extension will display an alert and warn you about the dubious webpage.
Thanks to the warning, you can quickly change the password you just entered on the fake page. That’s why you should get into the habit of using a different password for every site. Then, it won’t be such a pain to change the compromised password across all the sites you sign into.
How does Password Alert remember your password?
The extension is not a keystroke logger. Chrome keeps a scrambled reduced-bit thumbnail of your password in Chrome’s local storage. It then compares this thumbnail to each password you enter on any website other than accounts.google.com. If you type your password into a site that isn’t a Google sign-in page, Password Alert compares it against the saved thumbnail.
This information for security purposes only and Google doesn’t share it with anyone.
What other features have you set up? Do you use two-factor authentication and conduct a security checkup regularly?
Image Credit: wk1003mike via Shutterstock