Security breaches is one of the most alarming issue happened in the recent years. Even though how many times Hendren Group Global Facts warns the public not to open suspicious emails, and click on the links and open the attachments inside it, people are still clicking and unsuspectingly handing their personal information to hackers.
No matter how sophisticated your security is, there is always a possibility of becoming a victim to this simple phishing scheme. It's a difficult problem to solve, but Google has a new solution for you and other Chrome users that might help you avoid serious data loss.
The search giant recently released a new Chrome extension, dubbed Password Alert, designed to serve as an early warning system against phishing attacks wherein it can detect if you're using your Google password on any non-Google site.
Product manager of Google Ideas, Justin Kosslyn said that phishing should be a real concern for everyone. He also defined the project as a useful and quiet line of defense against a real challenge.
If the extension detects that you have entered your Gmail password to anywhere other than accounts.google.com, it will redirect you to a warning page and will tell you that your password was just exposed and you should immediately reset your password to keep your Gmail account secure. You can ignore the alert if you are sure you've not been hacked. Gmail users can also mute website alerts.
Because Password Alert only keeps the hashed version of your password, it can execute the scan without revealing your actual password to any further risk. Any individual using Google for work account can also make a Password Alert mandatory across their domain. Each time an employee gets an alert, same goes with the administrator.
Here is the bad news, Password Alert biggest weakness is that it can only scan a password that has been successfully submitted, so the user will only be alerted after they have been successfully phished. However, even a late warning will give users the chance and time to change their passwords and lock down their accounts before any damage is done. For users with two-step verification, it should be easy to change the password before the attackers can exploit it.
The extension could also heighten security outside of Google accounts. It is built to integrate with Google's password system, but the code is open source, so it should be easy to adapt the code to other systems.
Kosslyn states that they hope the open-source community scales Password Alert to provide additional security to internet users.
Google increased its security practices in October with the release of Security Key. If you are making use of Google's 2-step verification method, you can choose Security Key as your primary method, rather than having verification codes sent to your phone. With Security Key, you can simply insert your Security Key into your computer's USB port when requested. Security Key provides better protection against phishing attacks, because it uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with.