Google is adding another layer of security to personal Gmail accounts to prevent hackers from tampering with sensitive settings.
The company has already been auto-enrolling Google accounts in multi-factor authentication (MFA), which requires you to log in with a password and a secondary step, like typing in a code from an authenticator app, acknowledging a Google prompt, or using a physical security key.
The company is now going to issue MFA prompts when someone tries to change a Gmail account's settings for email filtering, forwarding, and IMAP access, the last of which can let third-party clients retrieve emails from an inbox.
In the wrong hands, all these functions can be exploited to reconfigure a Gmail account to send your emails to someone else. So going forward, "when these actions are taken, Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a ‘Verify it’s you’ prompt," Google said in a blog post on Wednesday.
The prompt will ask the user making the change to sign in again through a secondary form of authentication, like a Google-generated notification on the account holder’s smartphone. “If a verification challenge is failed or not completed, users are sent a ‘Critical security alert’ notification on trusted devices,” the company says.
The security safeguard could stop hackers from tampering with your Gmail account if they’ve managed to break in once. The same safeguard could also prevent someone nearby from misconfiguring your Gmail account if you happen to be physically away from your unlocked PC. But on the flip side, the increased security could annoy users if the MFA challenges become a hassle.
The company is implementing the change a year after it began