Using this new extension, your Chrome browser will save whats called a “hashed” (think, encrypted) version of your password. While holding onto that, it will keep an eye out for any time you punch your password in while using Google Chrome. If you type your password in somewhere that doesn’t belong to an official Google account or website, you will be notified to change your password.
The use for an extension like this only grows as more and more sites offer “log in with Google” and “log in with Facebook” in lieu of having to create a whole plethora of user accounts. While most of these are legitimate, it’s easy to think that a less scrupulous user wouldn’t notice the difference between an authentic and inauthentic log in.
Cleverly, the extension goes one step forward in an attempt to prevent situations exactly like that one. It reads the HTML of whatever site you navigate, too, searching for imitated Google web pages. The new Chrome extension is open source, so while it only functions for Google services now, it could potentially be expanded to other services in the near future.
Speaking on the new extension Google security engineer Drew Hintz said, “In the security industry we expect users to know when it’s ok to type their password. That accounts.google.com is OK, and accountsgoogle.com isn’t. That’s an unreasonable demand. This helps you make that decision as to whether the place you just typed your password was a fine place to type it or not.”
If you’re using Chrome you can install Password Alert now.
