Google is releasing a new extension for Chrome called "Password Alert" and available in the Chrome Web Store. As the name suggests, it is about… password. But he is not a manager. It is a protective tool that will howl in certain circumstances.
Each time the user tries to log in by reusing his Google password on a site and via a page that is not a Google login page, the extension will display an alert message. This message (below) will appear once the precious sesame has been entered and before validation:
The first objective here is to fight against phishing attacks (phishing attacks) where a login page tries to impersonate a legitimate Google login page in order to steal a password. Moreover, it is indicated that the extension checks the HTML code of each login page in order to flush out those that are false.
Another objective is secondary. With the alert, which can take place with a healthy login page, the user will be indirectly reminded that it is not good to re-use the same password (and in this case Google) on other devices. other sites. We will therefore also retain a small educational side.
For an implementation, an initialization is necessary. It consists of entering your password by logging into Gmail for example and thus on accounts.google.com. Google explains, however, that it is not a matter of recording the password or keystrokes:
"Each time you sign in to your Google Account, the extension temporarily accesses your password and saves a fingerprint (reduced bit sequence) with salting on your local Chrome storage. This fingerprint is then compared to each word you enter on a website other than accounts.google.com "
, can we read in a FAQ.
Google offers its tool in open source (on GitHub) so that developers can use it for other browsers. For the moment, only Google Chrome is therefore concerned and with JavaScript enabled.