Gmail's new feature will roll out in the coming weeks as Google amps up security on certain actions taken on Gmail. These are related to filters, forwarding, and IMAP access.
Google is all set to amp up its protection for all users on certain actions taken in Gmail. Last year, Google had introduced stronger safeguards for sensitive actions taken in Google workspace accounts in order to better protect them. These were applied to actions that, when performed by hijackers, would have far-reaching consequences for the account owner or the organisation it belonged to. Essentially, Google would evaluate the session attempting the action, and if it was deemed risky it would challenge the user with a “Verify it’s You” prompt.
Google is extending its protection in actions related to:
Filters: creating a new filter, editing an existing filter, or importing filters.
Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings.
IMAP access: Enabling the IMAP access status from the settings.
If any of the mentioned actions take place, Gmail users would receive a critical security alert if Google deems it “risky” after evaluation. After that, through a second trusted factor, such as a 2-step verification code the user would be verified while confirming the validity of the action. However, if the verification fails, users would be sent a “Critical security alert” notification on trusted devices.
It should be noted that this feature supports only users who use Google as their identity provider. SAML users are not supported at the moment.