How to use Google's Password Alert tool to thwart phishing attacks

Google created a new Chrome extension that alerts you when you enter your Google password on a non-Google site. Here's how to set it up.

Sarah Mitroff Managing Editor
Sarah Mitroff is a Managing Editor for CNET, overseeing our health, fitness and wellness section. Throughout her career, she's written about mobile tech, consumer tech, business and startups for Wired, MacWorld, PCWorld, and VentureBeat.
Expertise Tech, Health, Lifestyle
Sarah Mitroff
2 min read

James Martin/CNET

Google's built a new tool in the fight against phishing. The free Password Alert Chrome extension keeps track of where you enter your Google account password and alerts you when you've entered it someplace other than accounts.google.com.

This does two things: it prevents you from re-using your Google password on other sites, and it protects you if you've entered your password on a site that's pretending to be Google to collect your private information, a practice also known as phishing.

For a quick primer, phishing is when a group or individual poses as a legitimate company or organization to obtain your sensitive information, such as passwords, social security numbers or credit card numbers. In a phishing attack, you might get an email from someone pretending to be Google asking you to type in your account details on a malicious website.

If you were to enter your Google password on that website, Password Alert will show a message letting you know that "Your Gmail password was just exposed to a non-Gmail page" and that you should change your password immediately. This message appears as soon as you finish typing the final character in your password, and it works whether you're signing up for a new account or simply trying to log in into a non-Google website.

Password Alert is very easy to set up and use. Here's how to get started:

  • Install the Password Alert extension from the Chrome Web Store.
  • The extension will prompt you to enter your username and password for your Google account, even if you're already logged in.
  • After you enter that information, Password Alert will start monitoring where you enter your Google password.

When Password Alert is enabled, you'll see an alert whenever you enter your Google or Gmail password anywhere outside of Google. You can choose to ignore it, if you know you've entered your password on a safe website (like Amazon or Facebook), or click the link to reset your password.