Another Layer of Protection: Thank-you Google (Week 8)

In one of my previous posts I talked about phishing attacks and measures you can practice to prevent yourself from becoming a victim of one.  The fact is, phishing attacks are continuing to increase in frequency and attackers are creating phishing attacks to appear more credible which is making it more difficult for users to protect themselves.  Sure, you can continue to implement controls such as never providing private information when solicited to in an email and checking email carefully before opening it or attachments, but the reality is, you can only do so much before you are finally outwitted by a clever attacker.  So wouldn’t it be great to have another layer of protection that is designed and implemented to watch over your actions and help prevent you from being outwitted by a clever attacker?

The good news is Google has created that extra layer of protection to help protect their users from phishing attacks.  The bad news is that extra layer of protection is only offered to Google users.  At this time you may be asking yourself what is this extra layer of protect that Google has developed and implemented to help protect their users from phishing attacks?  That’s a great question.

Google calls their new layer of protection “Password Alert”.   It is a free open-source Chrome extension that Google users can elect to install that protects them from phishing attacks and encourages them to use different passwords for different sites.  This is how it works.  After it is installed, users activate the feature by entering their password into accounts.google.com.  The password alert application then stores the password as a secure thumbnail.  It will then use the thumbnail to compare to your recent keystrokes within Chrome when you attempt to login to a website.  If you attempt to enter your Google password on a site that does not have Google sign-in, Password Alert will alert you that you have just exposed your password to a site that is not related to Google and recommends for you to change your Google password as soon as possible.  Users using the Password Alert application that attempt to use their Google password on a site that does not have Google sign-in will see the following alert:

This new security feature may seem like a minor addition to the other layers of security and it may be when compared to other security features such as two-factor authentication.  The important thing to take away from this is that this little addition to the existent layers of security is a security feature to protect Google users from phishing attacks.  Security features like this have been virtually nonexistent until now.  This will hopefully move other websites to develop and add a security feature like Googles Password Alert to help protect their users from phishing attacks.

References

Protect your Google account with password alert. (2015, April 29). Retrieved April 30, 2015, from http://googleblog.blogspot.com/2015/04/protect-your-google-account-with.html