Google developers have created Password Alert, an open source Chrome extension that aims to prevent users from entering their Google password in a phishing site or, alternatively, alert them when they did so and urge them to change their password.
“Password Alert works like a spellchecker, comparing your keystrokes within the Chrome browser to your password to help you avoid mistakes. It doesn’t store your password or actual keystrokes, or send either to any remote system beyond your computer — instead, it locally saves a fingerprint of your password, and compares that fingerprint to the fingerprint of what you’re typing,” they explained in the project page on GitHub.
“Separately, Password Alert also tries to detect fake Google login pages to alert you before you’ve typed in your password. To do so, Password Alert checks the HTML of each page you visit to ascertain whether it appears to be impersonating a Google login page.”
The extension will also try to prevent users from using their Gmail password for other online accounts by warning them about the risk such a choice creates, but will not force them to change the password.
“When Google for Work administrators deploy Password Alert across all Chrome clients in their domains, the administrators can receive alerts when Password Alert triggers,” they noted.
For answers to frequently asked questions about Password Alert, go here.