Prevent phishing attacks on your users
As a G Suite administrator, you can help your users avoid phishing attacks by implementing the Password Alert extension to users of your domain. Password Alert will detect if users enter their Google password into any web sites other than the Google Sign in page accounts.google.com.
In addition to the default features of the Chrome extension, administrators can deploy the Password Alert Server to enable password alert auditing, send email alerts, and force end-users to change their Google password if entered into a non-trusted web site.
To deploy the Password Alert extension and server for a Google Cloud domain you manage, refer to the Password Alert Deployment Guide. The Deployment Guide describes the following critical steps required for a successful deployment of Password Alert:
- Configuring and deploying the Password Alert Server hosted on the Google App Engine application
- Configuring and deploying the Password Alert Chrome extension and policies
- Using the Password Alert Administrator interface
- Deploying Password Alert best practices
Password Alert Server Requirements
You’ll need the following items before you install Password Alert:
- G Suite — You'll need to be able to use Chrome App Management and the Google Admin SDK. You'll use these services to deploy the extension and to force password resets.
- Google App Engine — You need experience installing Google App Engine applications. The Password Alert Server application will need to be hosted on the Google App Engine.
- Access to github — You’ll need to be able to access github to acquire the Password Alert pre-built Server application files. You can also choose to compile and view the source code.
- Access to the Chrome Web Store — You’ll need to be able to access the Chrome Web Store to install the Password Alert Chrome extension.
End User Requirements
Password Alert only begins working for each user after they log in to their Google Cloud account on their authenticated Chrome browser. Each user must:
- Sign in to their Chrome Browser — Users will need to sign in to their Google Cloud account on their Chrome browser. You can remove this requirement by setting a pre-shared key and then deploying the extension and a policy template to your corporate-managed device.
- Sign in to accounts.google.com — Users will need to re-sign in to accounts.google.com to initialize Password Alert. Users are automatically prompted to sign in every two weeks. You can also configure installation to prompt users to sign in to accounts.google.com immediately.
Note: The Password Alert feature is not supported by the G Suite support team. If you're experiencing issues with this feature please visit the G Suite Help Forum.
At this time, Password Alert is an open source solution to be installed, run, and maintained by each G Suite organization. If you strongly prefer a Google-hosted solution provided through the G Suite Marketplace, please enter your contact information here and we will notify you when such a solution becomes available.
Questions? For answers, see the FAQ.