In an update on its G Suite blog, Google announced the other day a new security feature for Google account holders who also happen to rely on Chrome for their web browsing activities.
Google wants to improve the security of your Google account by verifying that you’re indeed looking to sign into a Google account that you control. The move is meant to prevent anyone from silently signing into a Google account that may be owned by a malicious third party.
However, not all Google users will see this new screen, as Google is targeting third-party logins specifically. The new security feature will be available starting on May 7th, according to Google. But that’s only as long as you use Chrome, and as long as you access Google G Suite services through your organization.
After signing in on a SAML provider’s website, you’ll see a new screen from accounts.google.com that will ask you whether you recognize the Google account you’re about to sign in. If the Google account is yours, then you can proceed with the sign-in. If it isn’t, then you’re probably want to investigate the matter, as it means someone might be trying to fool you into signing into a different Google account that should have no access to those services.
The move is meant to halt phishing attacks that might target your organization attempting to fool users into quietly signing into a malicious account.
The screen will only be shown once per account per device, to minimize disruption to the user. In the future, Google says that users should see it less and less, as the system gets context-aware features. Admins can also disable the screen for their organization for specific domains that are supposed to be trusted to access Google services.