Yesterday, Google announced the release of their newest Chrome extension, Password Alert. The new free tool is designed to warn users of the popular browser when they are entering their Google passwords on non-Google websites, helping to protect their Google accounts from phishing attacks. The application also prevents users from using the same password for their Google account on other sites. While this secondary feature may seem overzealous, it is a necessity if one of these accounts are breached, then a hacker would have a higher chance of accessing the victim’s Google account with the same credentials.
As our Threat Brief revealed, Google is by far the number one target of phishing attacks. Developing a Chrome extension that protects users accessing their Google accounts will certainly help defend against the onslaught of phishing attacks targeting Google. It would be great to see this same technology extended to other browsers and also to protect other major targets of phishing. The Threat Brief includes the top targets for phishing, and while each company uses a different login technique, there is something to be learned from what Google has done with respect to protecting customers as they access their accounts.
This is a good time to remind everyone of very simple and effective strategies to keeping online accounts secure. To start, make sure your primary email password is different from all other passwords. As I mentioned, there is a domino effect if you can break into this account. We all hate remembering different passwords, but this one is a must for proper online security. Secondly, hard to break passwords are very easy to create, and the key is length. My tip is to think of a phrase that is unique to you. For example, I love cheese and skiing -> !Lovech33s3andsk!!ng*. A password like this is very easy to remember and very difficult to crack.
Technology like this is not the end all to password security, but adding this to your tools for everyday use will only help to enhance your protection online.
Download the Password Alert for Chrome here: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep