# # Google Password Alert
APLawrence.com - Resources for Unix and Linux Systems, Bloggers and the self-employed

Google Password Alert - barn doors and horses

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© May 2015 Anthony Lawrence

I use two factor authentication everywhere I can. For those of you who don't know what that is, it means that your password by itself is not enough: after logging in, you are asked to enter a code that typically has been sent as text or by a phone call. Facebook uses a "code generator" app installed on your smart phone, but the concept is the same.

Two factor authentication is about as safe as we can do right now. I'd never say "impossible", but hacking that today would be very difficult. However, some people - too many people, unfortunately - simply will not use it. Maybe they can't - no phone, perhaps? Or maybe they find the extra security annoying, which really is a silly excuse, but people do foolish things and that's that.

Google now has a "Password Alert" extension for Chrome. If you sign into a phishing page with your Google account, you'll see this:

Isn't this a little late?

Umm, obviously the horses have already left the barn - shouldn't this extension have warned you BEFORE you signed in? Never mind - the extension was hacked almost immediately. Google updated it shortly and Google extensions autoupdate every few hours so users were protected (if you can call this protection) fairly quickly. I still really have to wonder about the value of this. Shouldn't Google Chrome's "safe browsing" code already know about these sites? Is it all that difficult for Chrome to notice that a site is masquerading? I'm not saying it's dead easy, but it can't be all that hard, can it?

Protect your Google Account with Password Alert

Behold: the drop-dead simple exploit that nukes Google’s Password Alert

Every few hours, the browser checks whether any installed extensions or apps have an update URL.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Google Password Alert


Inexpensive and informative Apple related e-books:

Take Control of Parallels Desktop 12

iOS 10: A Take Control Crash Course

Take Control of Automating Your Mac

Take Control of OS X Server

Take Control of High Sierra





More Articles by © Anthony Lawrence




Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





I think there is a world market for maybe five computers. (Thomas Watson, Chairman of IBM, 1943)




Linux posts

Troubleshooting posts


This post tagged:

Google

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode