If a hacker wants to get access to your personal data or login credentials, they might try a phishing attack—one of the oldest tricks in the book. Because it hinges on deception over technical skill, phishing is a difficult security risk to prevent, but Google may have found a way.
In a phishing attempt, a malicious actor tricks you into offering up sensitive data like a password or credit card number by pretending to be a legitimate website, company, or contact.
As part of an anti-phishing campaign, Google just launched a Chrome extension called Password Alert that will help prevent attackers from accessing your Google accounts.
Password Alert compares a hashed version of your password (a string of anonymized data that corresponds to your password) to whatever you type into a Web page. If it recognizes your password after you’ve submitted it to a malicious site, it will show you an alert saying you need to reset your password.
It’s not completely perfect—as the Verge notes, if you use the same password as your Google account on multiple websites, you’ll get an alert anytime you try and sign into them. That’s ill-advised anyway, so Google is really doing you a favor and reminding you to have different passwords for different sites.
Additionally, it only works after you’ve entered your password, so you’ll need to change your credentials immediately. And it’s always smart to have two-factor authentication enabled on your accounts (do that for Google here), so even if an attacker has your login info, they won’t be able to gain access without additional authorization.
H/T The Verge | Illustration by Fernando Alfonso III