mercredi 29 avril 2015

Google's open source 'Password Alert' protects your login credentials from phishing attacks

phishing

Google is life. Well, not really, but for some people it kind of is. For many of us, a Gmail account became a gateway to an entire Google lifestyle. One password logs us into numerous services, which is super convenient, but also quite scary. Over time, it is easy to let your guard down and fall for phishing sites that pretend to be a legit Google login. If your Google credentials are intercepted, you are going to have a bad time.

Today however, the search-giant releases an open source Chrome browser extension aimed to thwart these stinky phishing goons. Called "Password Alert", it will hopefully protect your credentials and keep the sun shining on planet Google.

'To help keep your account safe, today we’re launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you’ve installed it, Password Alert will show you a warning if you type your Google password into a site that isn’t a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice", says Drew Hintz, Security Engineer and Justin Kosslyn, Google Ideas.

Hintz and Kosslyn further explain, "here's how it works for consumer accounts. Once you’ve installed and initialized Password Alert, Chrome will remember a 'scrambled' version of your Google Account password. It only remembers this information for security purposes and doesn’t share it with anyone. If you type your password into a site that isn't a Google sign-in page, Password Alert will show you a notice like the one below. This alert will tell you that you're at risk of being phished so you can update your password and protect yourself".

phishing_caught

 

While this is very good, it stops a bit short from being great. Yes, protecting Google credentials is a positive thing; the company deserves kudos for sure, but users have many more passwords to protect other than the search-giant's. In other words, the company would be smart to offer a full-fledged password management tool such as 1Password or Lastpass. I wouldn't be surprised to see this happen in the future.

Password Alert in its current state is a bit short-sighted. With that said, it is open source, so maybe a crafty developer can turn it into something better. If you want to install the extension, however, you can get it here.

Tell me what you think in the comments below.

Photo Credit: tobkatrina/Shutterstock



Aucun commentaire:

Enregistrer un commentaire