Gmail Introduces New Security Tool with Potential User Challenges

Google’s email service, Gmail, is introducing several security upgrades aimed at enhancing user protection. However, while these changes are designed to bolster security, they might also lead to user inconvenience and confusion due to the added verification steps.

The updates specifically target what Google terms “sensitive actions” within Gmail, which cover several functions. If Gmail detects any potentially suspicious activity related to these actions, users will be shown a “verify it’s you” prompt. Google believes that these measures will bolster security across the platform, but some users might perceive the alerts as excessive or even dubious, potentially causing further confusion.

Google classifies sensitive Gmail actions into several categories, each of which could potentially compromise a user’s account if exploited by threat actors or criminals. These categories include:

  • Filters: Creating a new filter, editing an existing filter, or importing filters
  • Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings
  • IMAP access: Enabling the IMAP access status from the settings

When any of these actions is triggered, users will receive a verification check, often in the form of a two-step verification process, such as approving a notification on a paired device or entering an SMS code. If the verification challenge fails or is left incomplete, users will receive a “Critical security alert” notification on their trusted device, which allows them to secure their account.

This feature is being rolled out to all Google Workspace customers and users with personal Google Accounts. The rollout does not require end users to take any specific action. However, Google Workspace customers must use Google as the identity provider, as SAML support is not yet available.

These security updates are part of Google’s ongoing efforts to ensure the safety of its platform for users. Recent additions, like client-side encryption (CSE) for Gmail, have aimed to provide an extra layer of protection by restricting access to personal or corporate data to authorized individuals within an organization and its recipients. As Google continues its quest to maintain a secure environment, users can expect a balance between enhanced security and user experience improvements.