Your Gmail account is going to get some welcome security upgrades, but they might have you jumping through hoops a few more times than expected.
The changes affect what Google calls “sensitive actions” in Gmail, which cover a number of areas, and if the email service detects something potentially suspicious, it challenges the user with a “confirm it’s you” prompt.
In a blog post, Google said the changes will help increase security for users across the platform, but some find the warnings themselves exaggerated or even suspicious, potentially leading to further confusion.
Improving Gmail’s security
Google groups sensitive Gmail actions into several categories, each of which it says could allow threat actors or criminals to enter a user’s account:
- Filters: Create a new filter, edit an existing filter, or import filters
- Forwarding: Add a new forwarding address from the Forwarding and POP/IMAP settings
- IMAP access: Enable the IMAP access status from the settings
When one of these is triggered, users receive their verification check, which typically takes the form of a two-step verification action, such as approving a notification on their paired device or entering an SMS code.
If the user fails the verification challenge, or does not complete it on time, they will receive a “Critical security alert” notification on their trusted device, which they can use to lock their account.
The feature is now rolling out to all Google Workspace customers and users with personal Google accounts, with no end user action required. Workspace customers must have Google as their identity provider because SAML is not yet supported.
The news is the latest security update for Gmail in recent months as Google looks to ensure its platform remains secure for users around the world. Recently, the company added client-side encryption (CSE), a way to protect and control access to personal or company data, to Gmail, providing an extra layer of protection, as this should mean no one can read sent emails or calendar items other than those in an organization and the recipients.