The security of your Gmail email, and by extension the entire Google account attached to it, is very important. It’s imperative you don’t make it easy for hackers to get in and extract data that can then hurt you. The way to ensure the safety of your account starts with a strong, unique password. Then, you can add two-factor authentication (2FA), use a passkey, or employ hardware security keys.
But Google thinks it’s prudent to add another layer of security to your Gmail email, one that might take you by surprise if you’re not aware of it. It’ll happen next time you try to set up or edit filters in Gmail, or set up email forwarding. Google might determine that it needs to verify it’s really you who is trying to edit Gmail’s settings.
Google detailed the new Gmail security protections in a blog post on its Workspaces blog. The company built onto last year’s identity verification features that were deployed for certain actions taken inside Google Workspace accounts.
The “Verify it’s you” challengers will be available to all Gmail users, including Workspace and free Gmail accounts.
The “Verify it’s you” prompts might appear in one of three cases, each of them labeled as sensitive actions taken in Gmail:
Filters: creating a new filter, editing an existing filter, or importing filters.
Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings.
IMAP access: Enabling the IMAP access status from the settings. (Workspace admins control whether this setting is visible to end users or not)
Once you perform any of these actions in Gmail, Google will determine whether it’s risky. That’s when the “Verify it’s you” prompt kicks in:
Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. If a verification challenge is failed or not completed, users are sent a ‘Critical security alert’ notification on trusted devices.
That means you’ll likely need your phone close by, in case you’re performing these risky actions on a computer.
Why is Google adding this extra security layer to Gmail? Even strong passwords, 2FA and/or passkeys might not be enough to secure your data. There might be instances where an attacker manages to grab one of your devices where you’re already logged in. Maybe it’s someone you don’t expect to be spying on you.
I already showed you how easy it is to set up filters to unclutter your Gmail inbox. Similarly, I showed you how to auto-forward emails in Gmail for something trivial like bypassing the Netflix password-sharing ban verifications.
Hackers might try to set up filters inside Gmail to find specific emails Or to set up forwarding rules. The point is you’ll never know it happened if they are successful. After all, it’s not like you visit those settings options that often.
As for IMAP settings, hackers/attackers might want to access your Gmail emails from their own computers.
With that in mind, you should not be surprised if Google wants to verify it’s you the next time you mess with the Gmail filter and forwarding settings. Or when you set up your email client on a Mac or PC. Google might send you “Verify it’s you” prompts, which you’ll have to go through to continue setting up your Gmail settings.
The new security feature started rolling out on August 23rd, but it might take a few weeks to reach your account, depending on your type of Workspace/Gmail access. You can read all about it at this link.
Also, if you’re a Workspace admin, you might want to revisit this video from August 2022 that shows similar user verification features in action.
