Google is encouraging its users to protect their account with open-source, free Chrome extension, Password Alert. The company advises that users install Password Alert, which will warn them if they type their password into a non-Google sign-in page. It will protect users from “phishing” attacks while encouraging different passwords use for various sites, which is the best security practice.
Google users tend to be deceived by phishing sites, which are ready to steal their passwords. Yet, these common, harmful sites appear to be fairly standard login pages. Most phishing attacks succeeded 45 percent of the time, while two percent of messages to Gmail are intended to trick people so they give their passwords. Many services are sending millions of phishing emails every day across the Web.
The unsuspecting user will then type in his password. Once the attackers have the user’s password, they can gain access to their Google account, without the knowledge of the account owner.
According to LifeHacker, while phishing scams look like legitimate sites or emails from real companies, they are not. They perhaps look a bit apart from what the user generally expects, but it is to be noted that scam sites cannot have similar URLS as the site they pretend to be, since they are different. The user can check on the URL by hovering on the link they are about to click. At the Windows’s bottom, the scam URL should show and the user can figure out whether it is a good or a bad link.
LifeHacker gives the Paypal site as an example. Using the site generally shows http://www.paypal.com or http://subdomain.paypal.com in the address. These two links are fine as they end up with “paypal.com.” Phishing sites will perhaps look like http://paypal.otherdomain.com, where “paypal” is attached to another domain “otherdomain.” URLs like these are something that need to be avoided.
People who try to steal user information via phishing web pages is not new, but Google actively warns users if they are about to fall on this trap. The Android OS maker has been finding ways to protect its users from attackers.
The Mountainview, California–based Search giant is constantly enhancing its Safe Browsing tech, which protects a billion plus people on Chrome, Firefox and Safari from harmful sites through red and bright warnings. It also offers tools like the two-step Verification and Security Key which can also protect Google account so users can safely stay online. Meanwhile, the Security Checkup can be used to ensure user information is safe and secured.
Now, Google is encouraging its users to use another protection of their account, with Password Alert. Once the new Chrome extension is installed, Chrome will remember a “scrambled” form of the user’s password, solely for security purposes. If the user types his password into a page that does not belong to Google, Password Alert will notify the user, telling him that he is at risk, so he can protect his password and protect his account.
The way the Password Alert works may seem simple. However, it is better to prevent the potential trouble from happening ahead, or it will be too late.
Google also encourages its users of Google for Work, which includes Google Apps and Drive for Work, to protect their work accounts with Password Alert by making the new software available for them. The administrator can install the software for everyone in their domains and receive notifications when Password Alerts sees a possible risk. Attackers will then be spotted immediately if they try to go into the employee accounts, and lessen the practice of password reuse. The Help Center has more information for the administrators with regard to installing Password Alert.
By Judith Aparri
Photo courtesy of James Robinson – Creativecommons Flickr License