Google’s new Password Alert tool works to prevent phishing attacks

Password Alert, an extension for the Chrome Web browser, will let you know if you've typed your Google password into a non-Google site. Password Alert will then prompt you to change your password so that it doesn't fall into the hands of thieves.

Security experts have established all sorts of best practices for keeping online passwords secure: pick a string of characters that’s not easy to guess, don’t use passwords based on dictionary words, don’t write your passwords down, don’t reuse passwords across different sites – the list goes on. But most people simply don’t have the mental bandwidth to remember dozens of different passwords for the different sites they use, and as password management tools such as LastPass and 1Password haven’t caught on widely, many of us reuse the same password on many different web sites.

But by recycling passwords, we’re making ourselves easier prey for “phishing” attacks. A phishing attack occurs when a bogus email or Web site tricks us into giving up our username and password by posing as a service we use every day. If you’ve ever gotten an email purporting to be from eBay or PayPal, asking that you log in to address a vaguely defined problem with your account, it was probably a phishing attack.

On Wednesday Google released Password Alert, an extension for the Chrome Web browser that will help defend against phishing attacks by saving careless Internet users from themselves. Password Alert will let you know if you type your Google account password into a non-Google site, and will prompt you to change your password immediately if that happens.

If you’re a Gmail user, your Google password is particularly important, because a hacker can gain access to most of your other accounts if he or she gains access to your email. In most cases, it’s as simple as clicking the “Forgot your password?” link on a login page. The site will send a reset password to your email account, which the hacker can then intercept. Password Alert will give you a heads-up that you’ve typed your password into an unsafe site, giving you time to change it before the bad guys do.

Password Alert also automatically checks the code of sites you’re visiting so it can determine whether a particular page is masquerading as a Google login page. If it notices one, it’ll warn you so you don’t get tricked into sharing your credentials.

Password Alert stores your Google password as what’s called a hash: a value derived from your password and an additional string of characters, so that the sensitive data can be stored securely. That allows it to check the passwords you enter on different web sites against the hashed password in its database, and to alert you if it notices that you’ve entered your Google password on a non-Google site.
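The check described above can be sketched as follows. This is an added example, not Password Alert's own code: the function and class names, the use of SHA-256, the 16-byte salt, the single-entry origin allowlist and the sample password are all assumptions made for illustration.

```javascript
// Illustrative sketch only; names and parameters are hypothetical.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// Assumed allowlist of origins where typing the password is expected.
const GOOGLE_LOGIN_ORIGINS = new Set(["https://accounts.google.com"]);

// Salted hash: digest of (salt || text). The salt is the "additional string".
function saltedHash(salt, text) {
  return createHash("sha256").update(salt).update(text, "utf8").digest();
}

// Enrollment keeps the salt, the password length and the digest,
// never the password itself.
function enroll(password, salt = randomBytes(16)) {
  return { salt, length: password.length, digest: saltedHash(salt, password) };
}

// One watcher per page: keeps only the last `length` typed characters
// and compares their salted hash with the enrolled digest.
class KeystrokeWatcher {
  constructor(record) {
    this.record = record;
    this.buffer = "";
  }

  // Returns true when the most recent keystrokes equal the enrolled
  // password and the page is not an allowlisted Google origin.
  onKey(origin, ch) {
    if (GOOGLE_LOGIN_ORIGINS.has(origin)) {
      this.buffer = ""; // expected place to type it: no tracking, no alert
      return false;
    }
    this.buffer = (this.buffer + ch).slice(-this.record.length);
    if (this.buffer.length < this.record.length) return false;
    const candidate = saltedHash(this.record.salt, this.buffer);
    return timingSafeEqual(candidate, this.record.digest);
  }
}

// Helper for the example: feed a whole string, report whether any key alerted.
function typeInto(watcher, origin, text) {
  let alerted = false;
  for (const ch of text.split("")) alerted = watcher.onKey(origin, ch) || alerted;
  return alerted;
}
```

The sliding window is what lets the check fire even when the password is typed after other text in the same field. A fast hash over a human-chosen password can be guessed offline if the stored record leaks, so the record itself still needs protecting.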
