No matter how cultured your security is, the biggest danger is always the same: users submitting their passwords by clicking the wrong links to the wrong websites. It is an awkward problem to solve, but Google has come up with a new concept to tackle it. It has developed a new extension for its Chrome browser that aims to stop people from falling prey to phishing sites.
The free Password Alert extension stores an encrypted version of a person’s password and warns if it is typed into a site that isn’t a Google sign-in page, according to a blog post on Wednesday. It will then prompt a person to change their password.
The extension works by examining a hashed version of your password in contrast to any string of characters you key into the browser. For example, you have entered your Google password in an non-Google website, it will redirect you to a warning page, indicating that something has gone wrong. (The user may also be using their Google password for more than one account, which may be a lesser security risk, but it will still remain a problem). Since Password Alert only keeps the hashed version of your password, it can carry out the check without revealing your actual password at any extra risk. Anyone managing a Google for Work account can also make Password Alert compulsory across their domain. The moment the employee gets an notification, the administrator will be simultaneously alerted of the same.
It’s also recommended that passwords not be reused, as a breach on another web service could allow access to a different one. Hackers often try to see if stolen credentials will unlock other accounts as well.Google also recommends people enable two-factor authentication, which involves entering a temporary passcode along with a username and password.