Here’s a Chrome extension you should go install right now: The new Password Alert extension helps secure your Google account by letting you know when you’ve unwittingly given your credentials away to a website that’s not Google.
The extension works by storing a hashed version of your password that’s compared to any passwords you submit over the internet. When the extension notices that you’ve punched your password into any website that’s not accounts.google.com, you’ll be prompted to change your password.
The tool also reads the HTML of sites you visit so it can detect websites that are impersonating Google’s login pages. Although the tool is limited to Google and Google for Work accounts for now, the code is open source, so it can be implemented by non-Google services in the future.
Phishing is one of the most vexing problems for people who want to keep your accounts and personal information safe. People are gullible and click links they shouldn’t click. No amount of training seems to dissuade people from compromising their own accounts by doing silly things like punching in passwords to websites they shouldn’t trust. That makes safeguard software like Password Alert a boon for security. At least until someone figures out how to social engineer around it again.