Along with a major design overhaul to its email client service, Google is soon also rolling out layers of new security features for Gmail and other G Suit apps.
The security features are essentially two-step authentications, which are aimed at protecting against phishing attacks, especially through e-mails. While the design overhaul has started to show up for some Gmail users, the security feature will be rolled out eventually.
As announced by Google in its blog, starting 07 May, 2018, all G suite clients, “who currently sign-in with Security Assertion Markup Language (SAML) on provider’s website”, will be brought to a new screen on accounts.google.com to confirm their identity.
Google explains that the new security layer is intended to prevent potential attackers from tricking a user into clicking a link, which can possibly, silently sign them into a Google Account that is controlled by an attacker.
Additionally, the two-step verification does not apply to each and every login. Google says that the security feature will be activated to verify only once per account per device. Once a user has validated a particular device, they will never be asked to go through additional security checking. The new security feature is only available for Gmail users using a Chrome browser.
For the unacquainted, phishing attacks are a fraudulent practice of sending emails to target users feigning to be from reputable companies or a person. Once these posers gain a victim’s confidence, they persuade the user to reveal personal information, such as passwords and credit card numbers.
However, with users being a bit reluctant about sharing their information these days, attackers have also sharpened their phishing techniques. Phishing is now mostly done via links, which are sent to users, with misleading descriptions. When clicked on, these links either bait you into sharing details, or extract a lot of it from your saved data.
Such attacks are what Google is attempting to guard its users against. Even for Gmail on iOS, the email app now prompts a notification, if it thinks a link shared with the users is suspicious.