Google rolls out stronger security protection for certain actions in Gmail

Google has just announced that the protection for additional sensitive actions taken in Gmail that were introduced last year has been extended to specific actions. All these actions will get a “Verify it’s you” prompt if Google deems them risky enough.

This will provide an additional layer of security for Gmail users that are taking sensitive actions in the app, specifically actions related to:

• Filters: creating a new filter, editing an existing filter, or importing filters.
• Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings.
• IMAP access: Enabling the IMAP access status from the settings. (Workspace admins control whether this setting is visible to end users or not)

After getting the prompt, Gmail users will be able to confirm the validity of the action via a 2-step verification code or another similar trusted factor. More importantly, Google says that if a verification challenge is failed or not completed, Gmail users will receive a “Critical security alert” notification on their devices.It’s important to mention that this additional security feature only supports users that use Google as their identity provider and actions taken within Google products (SAML users are not supported).

End users won’t have to look for this feature in the app’s settings, although it’s recommended to enable 2-step verification. The stronger protection for sensitive actions in Gmail will be available to all Google Workspace customers and users with personal Google Accounts.

According to Google, the rapid release domain will be getting the new security feature in the next two weeks, while scheduled release domains will get it in up to 3 days starting September 6.