Introducing Password Alert

To this day, one of the biggest security traps online is being tricked into sharing your password with a cybercriminal. Whether that happens because you’re fooled by a look-alike login site or because someone has hacked a site where you reuse the same password (tsk, tsk!)…either way, it puts both your personal and company data at risk.

Google is hoping to eliminate both these scenarios from happening with the use of their new tool: a free, open-source extension for Chrome called Password Alert. With Password Alert, any time your Gmail password is entered into a login page that’s not an actual Google login, the extension shows you an alert and prompts you to immediately reset your Gmail password before it can be used to compromise your account.

Additionally, if you try to reuse your Gmail password on another site with Password Alert installed, it will lead to the same alert as if a phishing attempt has occurred. Google hopes this response will help get the important security message across: give up the bad habit of sharing passwords between sites.

Keep your accounts secure

Google estimates that the most effective phishing attacks can succeed 45% of the time and reports nearly 2% of messages to Gmail are designed to trick people into revealing their passwords. Various services across the web send millions of phishing emails every day hoping to hit the jackpot, so it’s only a matter of time before you’re put at risk. Here’s how Password Alert works to protect you from these sorts of attacks:

Password Alert for consumer accounts. After installing and initializing Password Alert, Chrome will remember a scrambled version of your Google account password. According to Google, the password is only remembered for security purposes and isn’t shared with anyone. Then, if you type your password into a site that isn’t a Google sign-in page, Password Alert will show you a notice informing you of your risk so that you can update your password and protect yourself.

Password Alert for Google for Work accounts. Once your Google for Work administrator has installed Password Alert for everyone in the domains they manage, they’ll be able to receive alerts whenever there’s a possible problem detected. This will help admins spot malicious attackers trying to break into employee accounts and also reduce password reuse. More information for admins can be found in the Google Help Center.

Password Alert is definitely not the first step Google has taken to protect users from phishing attacks. They’re constantly improving their Safe Browsing technology, which protects more than 1 billion people on Chrome, Safari, and Firefox from phishing and other dangerous sites through the use of bright red warnings. They also offer tools like 2-Step Verification and Security Key that enables users to protect their Google accounts and remain safe online.

You can take Google’s Security Checkup if you’re curious whether the safety and security information related to your account is current. And if you’re ready to get started with Password Alert, you can head on over to the Chrome Web Store (or check out the FAQ if you still have questions). Safe internet-ing all!