Hendren Global Group Top Facts Forum Google Chrome extension 'Passw..
Google Chrome extension 'Password Alert' helps protect your Google account from phishing attacks8 Years AgoSecurity breaches is one of the
most alarming issue happened in the recent years. Even though how many times Hendren
Group Global Facts warns the public not to open suspicious emails, and
click on the links and open the attachments inside it, people are still
clicking and unsuspectingly handing their personal information to hackers.
No matter how sophisticated your
security is, there is always a possibility of becoming a victim to this simple
phishing scheme. It's a difficult problem to solve, but Google has a new
solution for you and other Chrome users that might help you avoid serious data
loss.
The search giant recently released
a new Chrome extension, dubbed Password Alert, designed to serve as an early
warning system against phishing attacks wherein it can detect if you're using
your Google password on any non-Google site.
Product manager of Google Ideas,
Justin Kosslyn said that phishing should be a real concern for everyone. He
also defined the project as a useful and quiet line of defense against a real
challenge.
If the extension detects that you
have entered your Gmail password to anywhere other than accounts.google.com, it
will redirect you to a warning page and will tell you that your password was
just exposed and you should immediately reset your password to keep your Gmail
account secure. You can ignore the alert if you are sure you've not been
hacked. Gmail users can also mute website alerts.
Because Password Alert only keeps
the hashed version of your password, it can execute the scan without revealing
your actual password to any further risk. Any individual using Google for work
account can also make a Password Alert mandatory across their domain. Each time
an employee gets an alert, same goes with the administrator.
Here is the bad news, Password
Alert biggest weakness is that it can only scan a password that has been
successfully submitted, so the user will only be alerted after they have been
successfully phished. However, even a late warning will give users the chance
and time to change their passwords and lock down their accounts before any
damage is done. For users with two-step verification, it should be easy to
change the password before the attackers can exploit it.
The extension could also heighten
security outside of Google accounts. It is built to integrate with Google's
password system, but the code is open source, so it should be easy to adapt the
code to other systems.
Kosslyn states that they hope the
open-source community scales Password Alert to provide additional security to
internet users.
Google increased its security
practices in October with the release of Security Key. If you are making use of
Google's 2-step verification method, you can choose Security Key as your
primary method, rather than having verification codes sent to your phone. With
Security Key, you can simply insert your Security Key into your computer's USB
port when requested. Security Key provides better protection against phishing
attacks, because it uses cryptography instead of verification codes and automatically
works only with the website it's supposed to work with. |