Google Password Alert - barn doors and horses

© May 2015 Anthony Lawrence

I use two factor authentication everywhere I can. For those of you who don't know what that is, it means that your password by itself is not enough: after logging in, you are asked to enter a code that typically has been sent as text or by a phone call. Facebook uses a "code generator" app installed on your smart phone, but the concept is the same.

Two factor authentication is about as safe as we can do right now. I'd never say "impossible", but hacking that today would be very difficult. However, some people - too many people, unfortunately - simply will not use it. Maybe they can't - no phone, perhaps? Or maybe they find the extra security annoying, which really is a silly excuse, but people do foolish things and that's that.

Google now has a "Password Alert" extension for Chrome. If you sign into a phishing page with your Google account, you'll see this:

Umm, obviously the horses have already left the barn - shouldn't this extension have warned you BEFORE you signed in? Never mind - the extension was hacked almost immediately. Google updated it shortly and Google extensions autoupdate every few hours so users were protected (if you can call this protection) fairly quickly. I still really have to wonder about the value of this. Shouldn't Google Chrome's "safe browsing" code already know about these sites? Is it all that difficult for Chrome to notice that a site is masquerading? I'm not saying it's dead easy, but it can't be all that hard, can it?

Protect your Google Account with Password Alert

Behold: the drop-dead simple exploit that nukes Google’s Password Alert

Every few hours, the browser checks whether any installed extensions or apps have an update URL.

Got something to add? Send me email.

---

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us