Password Alert: Protect a Google account from password theft

Topic Progress:

Click on the numbered tabs to navigate this lesson.

Password thieves often target news media

This lesson has been adapted from Google News Lab and is reproduced with permission.

Every day, hundreds of millions of emails are sent with the intent of stealing passwords. Increasingly, these attacks target journalists: a 2014-2015 study by Newscycle Solutions found that 52% of news media companies were hacked or suffered a data breach — and the most common type of attacks were phishing (59%).

In 2016, a wave of cyber attacks in the U.S. that breached high-profile targets including the Democratic National Committee, Colin Powell and Olympic gymnast Simone Biles, underscored the need for enhanced security.

In this lesson, you will learn:

  • About Phishing and fake login pages.
  • How Password Alert can protect you.
  • How to install Password Alert.

The graph below shows which types of attack sites surveyed have suffered.

Please note: these video walkthroughs are recorded without sound.

The rise of fake login pages (phishing)

As phishing scams become more sophisticated, fake login pages can trick you into giving your password to an attacker — without even knowing it. An action as simple as a typo can land you on one, with only subtle cues such as an outdated Google logo or font to tip you off that it’s a forgery. That’s how fake login pages successfully steal passwords 45% of the time.

Once your password has been stolen, the attacker may use your email account to harm you by gathering personal information or emailing others and pretending to be you. The consequences can be devastating; stolen data has even been used to put journalists in prison.

Sometimes, phishing attacks can be spotted if you’re looking carefully enough. See the telltale signs in the video below.

How Password Alert protects you

If you use a Google account for mail or work documents and the Chrome web browser, there’s an add-on designed to help protect you called “Password Alert“. Password Alert works like a spellchecker, except that instead of looking for typos, it looks to see if you enter your Google account password any place other than your account sign-in page.

If it detects that you’ve mistakenly entered your password on the wrong site, it immediately alerts you and prompts you to change it. If you’re positive that you’re on a legitimate site, you can choose to ignore the alert and continue without changing your password.

See what happens if your Google password is entered into the phishing page from the last slide.

Password Alert maintains your privacy

Rest assured that Password Alert will never store your password or keystrokes. Using a technique called “hashing,” it knows if you just typed your password without ever knowing what your password is.

To learn more about your privacy and Password Alert, read the FAQ on our support page.

How to install Password Alert

To install this safety tool, simply visit, which takes you to the Chrome Webstore page where you can download Password Alert. Click on “Add to Chrome” and follow the prompts.

Once you’ve installed Password Alert, simply sign in to your Google account and it will automatically start working behind the scenes.

To learn more about how Password Alert protects you online, visit the Jigsaw website.