Google is launching a new Chrome extension today designed to prevent you from recycling your Google password on other sites. Password Alert, which is now available in the Chrome Web Store, will warn you whenever you are about to reuse your Google password on a site that isn’t a Google sign-in page.
Google’s Director of Security for Google Apps for Work Eran Feigenbaum told me the company has been using a very similar tool internally for a few years now.
For the most part, the idea here is to prevent phishing attacks. Even Googlers, Feigenbaum said, regularly fall for phishing attacks that pretend to show them a Google log-in page that is meant to steal their passwords.
This tool isn’t just about phishing, though. Because so many users simply reuse the same password over and over again (you don’t, right?), hackers could gain access to virtually all of a user’s online accounts through a single attack — no matter whether they got the password by phishing the account or through a security leak.
Two-step authentication can prevent some of those hacks — and Google’s Security Key is even more secure when it comes to preventing phishing — but to some degree, this tool is almost more about teaching users not to recycle their passwords than anything else.
Feigenbaum told me Google for Work admins can set this tool up so they receive an alert when one of their users has become the victim of a phishing attack. They can then prompt these users to reset their passwords.
It’s worth noting that you don’t need a Google Apps for Work account to use this — any regular Google account will do (though things may get a bit messy when you use multiple Google accounts in parallel).
Google is open-sourcing this tool, too, in order to enable developers to bring it to other browsers.