By Alex Fitzpatrick
April 29, 2015

By far one of the most common methods hackers use to infiltrate your inbox is what’s called a “phishing attack.” In a phishing attack, an Internet bad guy tricks you into sending him your password by emailing you a link to a trap site disguised as a legitimate login page.

Thankfully, Google just gave all of us what looks like a great new tool to avoid these all-too-common attacks. Called “Password Alert,” the new Google Chrome browser extension alerts you whenever you enter your Google login credentials on a non-Google site, then prompts you to immediately change your password. It also attempts to be a little more proactive by identifying fake login sites before you enter your password at all, though that’s a harder task.

Google Ideas Product Manager Justin Kosslyn detailed the new Password Alert tool to Fortune:

“It works like a spellchecker,” Kosslyn says, explaining the mechanism. The tool triggers based on the length of the password being typed in, he says. Chrome stores a partial fingerprint of the password—a partial salted hash, to be technical, rather than the password itself—and if it detects that a Google password is being reused, the alarm sets off. “It’s able to use this math trick to determine whether there is a match,” he says.

Proud of its success rate, the team decided to take the product public. “It has caught real-world phishing attacks on Googlers,” Kosslyn says, “That’s one of things that made us very keen on open sourcing it and making it available for users as well.”

You can download Password Alert for Google Chrome here.


You May Like