Google comes with Chrome extension to prevent phishing

Google has released a Chrome extension that can warn against Google password phishing. By comparing entered text with a hash of the password, the extension can warn when the password is typed on a non-Google site.

The extension compares entered text with a hash of the Google password. That hash is created the first time a user logs into Google after installing the add-on. The comparison is not done continuously, but after an entered text is sent. When the entered text matches the Google password, the user is taken to a warning page. He recommends changing the Google password immediately.

Password Alert also checks the HTML of every page visited, trying to find fake Google login pages. According to Google, the add-on does not transmit any data unless it is used in conjunction with Google For Work. In that case, the administrator can also receive notifications.

The add-on will not be able to warn the user until their password has been entered on a potentially unsafe site. In addition, the warning also kicks in if the password for Google happens to be the same as that for another service. That is something that Google advises against. Javascript must be enabled for the add-on to work. The extension is disabled in incognito windows or Chrome apps. For now, the add-on only works with passwords for Google accounts.