Google Chrome adds Predictive Phishing Protection, Better Gmail security
Chrome will use insights from the Safe Browsing filter to predict new phishing sites.
Google has announced a pair of security improvements for its Chrome browser. Now, users will get smarter browser featuring with a new predictive phishing feature and high-risk Gmail users will get an added layer of security.
We discussed how Chrome was adding a new cleanup feature that allows users to clean their computer of unwanted apps and programs yesterday. Today we’ll take a look at the new phishing and Gmail protections.
Predictive Phishing Detection
Google’s Safe Browsing filter, also used by Mozilla and Apple, is a very good tool for keeping users safe on the internet. It scans regularly for malicious pages and warns users with they try to access them. Unfortunately, the scans happen periodically and there are pages that are created and put into use immediately that can avoid detection for a period. This creates a vulnerability.
Using the insights gained from the Safe Browsing filter, Google has created a system that can identify the characteristics of a phishing site and warn users when they try to reach it.
We’re using this knowledge to test new predictive phishing protections in Chrome. Soon, when you type your Google account password into a suspected phishing site, we’ll add additional protections to ensure your account isn’t compromised. Those protections will apply even if you use a different browser afterwards.
Eventually this protection will expand to all the passwords you have saved in Chrome, but for now it just protects your Google password.
Physical Security for your Gmail Account
For high-risk Gmail users, those likeliest to be targeted on the web, a new two-factor authentication feature is available that uses a physical hardware token to help validate you.
The physical hardware token – typically an external hardware drive – will use PKI and a digital signature. Google didn’t go into too much detail on the actual process, but I imagine it would be like signing any other file or email digitally. Regardless, an attacker would need to have both your password and the physical key to access your account, making this an extremely useful feature, even if it does complicate the process of signing in.
The other unfortunate side effect is the third-party apps will no longer be able to access your Google account once enrolled in the program. The OAuth account linking protocol will no longer work. This includes Apple Mail. It will also take longer to restore a password.
The tokens cost 20 dollars a piece.
What we Hashed Out (for Skimmers)
- Google adding two new security features to Chrome
- Predictive phishing detection uses Safe Browsing insights to predict phishing sites
- Google has also added two-factor authentication with a physical token for high-risk users.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown