Google develops new defense against phishing


Google has developed a new extension for its Chrome browser that aims to stop people from falling prey to phishing sites.

The free Password Alert extension stores an encrypted version of a person’s password and warns if it is typed into a site that isn’t a Google sign-in page, according to a blog post on Wednesday. It will then prompt a person to change their password.

Although security companies collaborate to detect and blacklist phishing sites, such attacks are commonly used by hackers to capture valuable sign-in details. Phishing sites may only be active for a short time before they’re blacklisted, but it’s still a window of risk.

It can be very difficult for people to discern phishing sites, as attackers will replicate what appears to be a legitimate access control panel down to the pixel. Users may also have trouble recognizing domain names that are very similar to the legitimate service.

Password Alert mandates that users have passwords with at least eight characters. Security experts warn against making passwords simple words and instead recommend a combination of upper- and lower-case letters with other characters.

It’s also recommended that passwords not be reused, as a breach on another web service could allow access to a different one. Hackers often try to see if stolen credentials will unlock other accounts as well.

Google also recommends people enable two-factor authentication, which involves entering a temporary passcode along with a username and password.