海角大神

Skip to footer

Google鈥檚 new Password Alert tool works to prevent phishing attacks

Password Alert, an extension for the Chrome Web browser, will let you know if you've typed your Google password into a non-Google site. Password Alert will then prompt you to change your password so that it doesn't fall into the hands of thieves.

|
Arnd Wiegmann/Reuters
Google's Password Alert tool helps keep you safe from phishing attacks by letting you know if you've entered your password into a non-Google site. Here, the Google logo is seen at the company's engineering center in Zurich, Switzerland.

Security experts have established all sorts of best practices for keeping online passwords secure: pick a string of characters that鈥檚 not easy to guess, don鈥檛 use passwords based on dictionary words, don鈥檛 write your passwords down, don鈥檛 reuse passwords across different sites 鈥 the list goes on. But most people simply don鈥檛 have the mental bandwidth to remember dozens of different passwords for the different sites they use, and as password management聽tools such as LastPass and 1Password haven鈥檛 caught on widely, many of us reuse the same password on many different web sites.

But by recycling passwords, we鈥檙e making ourselves easier prey for 鈥減hishing鈥 attacks. A phishing attack occurs when a bogus email or Web site tricks us into giving up our username and password by posing as a service we use everyday. If you鈥檝e ever gotten an email purporting to be from eBay or PayPal, asking that you log in to address a vaguely defined problem with your account, it was probably a phishing attack.

On Wednesday Google released , an extension for the Chrome Web browser that will help defend against phishing attacks by saving careless Internet users from themselves. Password Alert will let you know if you type your Google account password into a non-Google site, and will prompt you to change your password immediately if that happens.

If you鈥檙e a Gmail user, your Google password is particularly important, because a hacker can gain access to most of your other accounts if he or she gains access to your email. In most cases, it鈥檚 as simple as clicking the 鈥淔orgot your password?鈥 link on a login page. The site will send a reset password to your email account, which the hacker can then intercept. Password Alert will give you a heads-up that you鈥檝e typed your password into an unsafe site, giving you time to change it before the bad guys do.

Password Alert also automatically checks the code of sites you鈥檙e visiting so it can determine whether a particular page is masquerading as a Google login page. If it notices one, it鈥檒l warn you so you don鈥檛 get tricked into sharing your credentials.

Password Alert stores your Google password through what鈥檚 called a hash: a combination of your password and an additional string of characters that allows the sensitive data to be stored securely. That allows it to check the passwords you enter on different web sites against the hashed password in its database, and to alert you if it notices that you鈥檝e entered your Google password on a non-Google site.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
海角大神 was founded in 1908 to lift the standard of journalism and uplift humanity. We aim to 鈥渟peak the truth in love.鈥 Our goal is not to tell you what to think, but to give you the essential knowledge and understanding to come to your own intelligent conclusions. Join us in this mission by subscribing.
QR Code to Google鈥檚 new Password Alert tool works to prevent phishing attacks
Read this article in
/Technology/2015/0429/Google-s-new-Password-Alert-tool-works-to-prevent-phishing-attacks
QR Code to Subscription page
Start your subscription today
/subscribe