Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Password Alert - Plugin Protects Passwords from Phishing

posted by martyb on Tuesday September 13 2016, @04:37AM   Printer-friendly
from the alert-when-phish-are-biting dept.

Dork Dynasty writes:

From Google, a plugin that detects when you type your google.com password into a non-Google web page.

https://jigsaw.google.com/products/password-alert/

Fake login pages tricks users to give their password to an attacker. These "phishing pages," when well-crafted, are successful about 45% of time. When a password has been stolen, the attacker uses the email account to gather harmful information, or to email others, pretending to be the account holder.

The tool works like a spellchecker, except instead of looking for typos it's looking to see if you enter your Google password into anywhere other than your account sign-in page. If it detects that you've mistakenly entered your password in the wrong place, it immediately alerts you and asks you to change your password to be safe again.

So it is somewhat analogous to cert-pinning for passwords. It would be nice if they expanded it to all website/password combos instead of just google.com

Original Submission

 
This discussion has been archived. No new comments can be posted.
Password Alert - Plugin Protects Passwords from Phishing | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Fnord666 on Tuesday September 13 2016, @02:02PM

    by Fnord666 (652) on Tuesday September 13 2016, @02:02PM (#401296) Homepage
    So many people reuse passwords on multiple sites that this will keep throwing up false positive alerts until the the person either uninstalls the extension or ignores the warnings. A third, best case but least likely option would be that they take the hint and start using a unique password per site, but I wouldn't hold my breath.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2, Insightful) by Anonymous Coward on Tuesday September 13 2016, @03:11PM

    by Anonymous Coward on Tuesday September 13 2016, @03:11PM (#401333)

    Well, even if they do, they'll probably use two passwords: One for Google, and one for everything else.

    And the difference will probably be a "G" attached to the Google password.