When you go online, you have to be ready for all kinds of threats – phishing, hacking and malware to name a few. For some of these threats, you can use a standard antivirus solution as your basic protection, while a good firewall can be used as a shield against hacking attempts. Though many security tools and online services can warn you of some of the known phishing domains and block them, but they cannot provide protection against new unknown domains being used for phishing. Now Google has come with a new anti-phishing extension for Google Chrome browser called Password Alert. It uses an entirely different approach – instead of blocking all the different phishing domains, it prevents your Google account password from being used on the non-Google domains.
The Password Alert extension is available for Google Chrome browser and provides phishing protection only for the Google accounts. It can detect when you enter your Google password on a non-Google domain and raises an alert. The non-Google web site where you entered your Google account password is taken to be a possible phishing website. You could enter the Google password on a non-Google site by your own mistake – Password Alert will still block the site, but it does not mean that it was a phishing site.
After the installation of the Password Alert extension, you are asked to sign-in to your Google account. Even if you are already signed in to your Google account in Chrome browser, you still have to sign-in once again. As you sign-in, the Password Alert extension captures the password “thumbnail” (perhaps a hash of the password) and saves it locally on your hard disk. The confirmation to this effect is displayed in the notification area.
Whenever you enter your Google account on a non-Google web site, the Password Alert notices that it could be a possible phishing site and blocks that website with a warning to change your Gmail account password as soon as possible. At this point, you should clear all the web browser cache (use something like Clean Master), sign-in back into Google account and change the account password and other security settings. It is also a good idea to enable 2-step verification for Google account. If you are using an Android smartphone, you can protect your Google account using the Google Authenticator app.
Conclusion: Google Password Alert provides effective protection against phishing and warns you as soon as you have accidentally entered your Google password on a non-Google domain. However, it protects only Google accounts from phishing sites.
You can get the Google Password Alert from https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep.