Gmail Users Urged to Enable 2FA as Google Introduces Critical Security Alerts
Google's New Security Measures Aim to Protect Gmail Users from Unauthorized Access
Google is urging Gmail users to enable two-factor verification (2FA) as it rolls out a critical security alert system to prevent unauthorized access to accounts. The system aims to protect users when certain sensitive actions are taken that can impact their Gmail account.
The sensitive actions that trigger these alerts include creating, editing, or importing filters; adding a new forwarding address; and enabling IMAP access status. When a user performs one of these actions, Google will evaluate the session to assess the level of risk. If the action is deemed risky, Gmail will display a prompt requesting further verification of the account holder’s identity.
To complete the verification challenge, users will need to provide a trusted second factor, such as a 2FA code from an authenticator app, text message, phone call, Google Prompts, or a hardware security key. Failure to complete the verification challenge will result in a critical security alert notification sent to all trusted devices linked to the account.
In addition to the new security alert system, Google is expanding the use of AI to enhance security in its Google Workspace. AI will automatically classify and label data in Google Drive, enabling data protection controls like data loss protection and context-aware access based on policy. Client-side encryption is also being enhanced, and mobile app support is being added for Calendar, Gmail, and Meet.
Furthermore, Google is making 2FA mandatory for select enterprise administrators, requiring a multi-party approval process for sensitive actions. Users who do not have a mobile phone or prefer not to provide their phone number can still enable 2FA through alternative methods such as using a hardware security key or opting for Google Prompt, which sends a verification prompt to any logged-in device.
Gmail users are encouraged to enable 2FA to protect their Google accounts from malicious takeover. Administrators of Workspace accounts can visit the help center to explore available options and temporarily disable login challenge prompts if needed.
The new critical security alert system is gradually being rolled out and may take a week or two before users start seeing the prompts. Enabling 2FA is a simple and effective measure to enhance Gmail account security.
