Google has developed an extension for its Chrome browser that aims to protect users from becoming victims to a phishing attack.
Users can download the open source Password Alert extension free of charge.
The tool stores a scrambled version of a user's password to Chrome local storage and compares it to each password the user enters into any website other than accounts.google.com, or websites whitelisted by an admin for Google for Work domains.
The extension alerts the user if their password is typed into a site that isn't a legitimate Google sign-in page, and prompts them to change it.
Users with the extension installed will be required to have at least eight characters in their password.
Google said nearly two percent of messages sent to Gmail accounts were designed to trick users into handing over their passwords.
Password Alert aims to protect users in instances where Chrome's built-in safe browing feature - which detetcs phishing pages in advance - misses a non-trusted sign-in page.
The extension is available to Google for Work customers as well as consumer Chrome users.
Administrators can install the extension for each user they support, and will receive alerts when a potential password breach occurs.
The feature is not, however, supported by the Google for Work support team.
Javascript must be enabled and Google Apps for Work users must be signed in to Chrome for the feature to work, Google said.
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
