Bargains for Under $25 HP Envy 34 All-in-One PC Review Best Fitbits T-Mobile Data Breach Settlement ExpressVPN Review Best Buy Anniversary Sale Healthy Meal Delivery Orville 'Out Star Treks' Star Trek
Want CNET to notify you of price drops and the latest stories?
No, thank you

How to use Google's Password Alert tool to thwart phishing attacks

Google created a new Chrome extension that alerts you when you enter your Google password on a non-Google site. Here's how to set it up.

James Martin/CNET

Google's built a new tool in the fight against phishing. The free Password Alert Chrome extension keeps track of where you enter your Google account password and alerts you when you've entered it someplace other than

This does two things: it prevents you from re-using your Google password on other sites, and it protects you if you've entered your password on a site that's pretending to be Google to collect your private information, a practice also known as phishing.

For a quick primer, phishing is when a group or individual poses as a legitimate company or organization to obtain your sensitive information, such as passwords, social security numbers or credit card numbers. In a phishing attack, you might get an email from someone pretending to be Google asking you to type in your account details on a malicious website.

If you were to enter your Google password on that website, Password Alert will show a message letting you know that "Your Gmail password was just exposed to a non-Gmail page" and that you should change your password immediately. This message appears as soon as you finish typing the final character in your password, and it works whether you're signing up for a new account or simply trying to log in into a non-Google website.

Password Alert is very easy to set up and use. Here's how to get started:

  • Install the Password Alert extension from the Chrome Web Store.
  • The extension will prompt you to enter your username and password for your Google account, even if you're already logged in.
  • After you enter that information, Password Alert will start monitoring where you enter your Google password.

When Password Alert is enabled, you'll see an alert whenever you enter your Google or Gmail password anywhere outside of Google. You can choose to ignore it, if you know you've entered your password on a safe website (like Amazon or Facebook), or click the link to reset your password.