Chrome will use insights from the Safe Browsing filter to predict new phishing sites.
Google has announced a pair of security improvements for its Chrome browser. Users will get a smarter browser with a new predictive phishing feature, and high-risk Gmail users will get an added layer of security.
Yesterday we discussed how Chrome was adding a new cleanup feature that allows users to clean their computer of unwanted apps and programs. Today we’ll take a look at the new phishing and Gmail protections.
Predictive Phishing Detection
Google’s Safe Browsing filter, also used by Mozilla and Apple, is a very good tool for keeping users safe on the internet. It scans regularly for malicious pages and warns users when they try to access them. Unfortunately, the scans happen periodically, so pages that are created and put into use immediately can avoid detection for a period. This creates a vulnerability.
Using the insights gained from the Safe Browsing filter, Google has created a system that can identify the characteristics of a phishing site and warn users when they try to reach it.
We’re using this knowledge to test new predictive phishing protections in Chrome. Soon, when you type your Google account password into a suspected phishing site, we’ll add additional protections to ensure your account isn’t compromised. Those protections will apply even if you use a different browser afterwards.
Eventually this protection will expand to all the passwords you have saved in Chrome, but for now it just protects your Google password.
Physical Security for your Gmail Account
For high-risk Gmail users, those likeliest to be targeted on the web, a new two-factor authentication feature is available that uses a physical hardware token to help validate you.
The physical hardware token – typically an external hardware drive – will use PKI and a digital signature. Google didn’t go into too much detail on the actual process, but I imagine it would be like signing any other file or email digitally. Regardless, an attacker would need to have both your password and the physical key to access your account, making this an extremely useful feature, even if it does complicate the process of signing in.
The other unfortunate side effect is that third-party apps will no longer be able to access your Google account once you are enrolled in the program. The OAuth account linking protocol will no longer work. This includes Apple Mail. It will also take longer to restore a password.
The tokens cost 20 dollars apiece.
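The article gives no protocol detail for the token, so this Go sketch is an illustration added here, not Google's code or anything from the original post: a generic challenge-response signature check showing why a password without the enrolled key is not enough. Ed25519, the origin binding, and every name and URL in it are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// NewToken models enrollment: the token makes a key pair and hands out the public half.
func NewToken() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewChallenge is the server side: a fresh random value for every sign-in attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Sign stands in for the token. It signs origin || 0x00 || challenge, so a
// signature is tied to one site and one sign-in attempt (assumed message layout).
func Sign(priv ed25519.PrivateKey, origin string, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(origin+"\x00"), challenge...))
}

// Verify is the server side; it holds only the public key saved at enrollment
// and rebuilds the same message from its own origin and the challenge it issued.
func Verify(pub ed25519.PublicKey, origin string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(origin+"\x00"), challenge...), sig)
}

func main() {
	const site = "https://accounts.example" // constructed origin
	pub, token := NewToken()
	_, other := NewToken() // someone who knows the password but holds a different key
	c := NewChallenge()
	sig := Sign(token, site, c)
	fmt.Println("enrolled token:", Verify(pub, site, c, sig))
	fmt.Println("no enrolled token:", Verify(pub, site, c, Sign(other, site, c)))
	fmt.Println("replayed signature:", Verify(pub, site, NewChallenge(), sig))
	fmt.Println("look-alike origin:", Verify(pub, site, c, Sign(token, site+".evil.test", c)))
}
```

Only the first check passes; the other three fail because the server verifies against the enrolled public key, its own origin, and a challenge it issued for that attempt.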
What we Hashed Out (for Skimmers)
- Google is adding two new security features to Chrome
- Predictive phishing detection uses Safe Browsing insights to predict phishing sites
- Google has also added two-factor authentication with a physical token for high-risk users.