Password Alert warns password is recycled for other accounts

Apr 29, 2015 21:55 GMT

A new extension from Google alerts users when they enter their Google password on fraudulent pages and are at risk of having their accounts hijacked.

Named Password Alert, the extension displays a warning when the Google account password is entered on pages trying to impersonate the Google sign-in page.

Secure password version is created for comparison

The check compares the string entered on a page with a cryptographic version of the password that is created when the user successfully logs in to the Google account.

The variant is stored temporarily by Password Alert and is designed to be one-way, which means that it cannot be reverted to plain text.

To achieve this, the password is "scrambled" (hashed and salted), a process that involves adding supplementary data to the original string and then converting it into a hash value, which is fixed in length, regardless of the input size.

The phishing warning is shown after the attack occurs and offers the user two possibilities: reset the password or simply ignore the alert.
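The salted, one-way comparison described above can be sketched as follows. This is an added example, not Password Alert's own code: the function names, the HMAC-SHA-256 construction, the stored length field and the sample origins are all assumptions made for illustration.

```javascript
// Added illustration; not the Password Alert source. All names are hypothetical.
const crypto = require("crypto");

const MIN_LENGTH = 8; // the article states passwords need at least eight characters

// Salted one-way digest. HMAC-SHA-256 keyed with the salt is an assumed choice.
function digest(salt, text) {
  return crypto.createHmac("sha256", salt).update(text, "utf8").digest();
}

// After a successful sign-in: keep salt, length and digest, never the password.
function createFingerprint(password) {
  if (password.length < MIN_LENGTH) {
    throw new RangeError("password shorter than " + MIN_LENGTH + " characters");
  }
  const salt = crypto.randomBytes(16); // fresh random salt per fingerprint
  return { salt, length: password.length, hash: digest(salt, password) };
}

// On other pages: does the text typed so far end with the protected password?
function endsWithPassword(fingerprint, typed) {
  if (typed.length < fingerprint.length) return false;
  const tail = typed.slice(-fingerprint.length);
  const candidate = digest(fingerprint.salt, tail);
  // Both buffers are 32 bytes, so a constant-time comparison is possible.
  return crypto.timingSafeEqual(candidate, fingerprint.hash);
}

// Returns "warn" when the protected password is typed anywhere but the trusted origin.
function checkEntry(fingerprint, origin, typed, trustedOrigin) {
  if (origin === trustedOrigin) return "ok";
  return endsWithPassword(fingerprint, typed) ? "warn" : "ok";
}
```

Because only the salt, the length and the digest are kept, a copy of the stored fingerprint does not reveal the password directly, and two fingerprints of the same password differ.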

Extension contributes to better protection of online accounts

Apart from this, Password Alert also informs users when the Google password is recycled for other accounts, a practice users adopt to remember the access key for multiple services more easily.

Cybercriminals know this all too well, and when they pilfer credentials they also try them on other services, thus expanding the effects of a data breach.

Although web browsers include anti-phishing protection, fraudulent pages are active only for short periods, most of the time for just a few hours or less, until the information reaches the browser. In that brief interval of activity, cybercriminals can turn a significant number of users into victims.

A study based on incidents between 2011 and 2014, carried out by the University of California, San Diego, in collaboration with Google, showed that an effective phishing attack can be successful in 45% of cases.

Password Alert aims at reducing the number of casualties by informing users in due time that their password has fallen into the wrong hands and offering a simple way to reset it before cybercriminals hijack their accounts.

No data is saved permanently by the extension, which also contributes to creating stronger passwords, as it requires that the strings have at least eight characters. To work, Password Alert needs JavaScript to be enabled in the web browser.