Gmail has a new security tool that could actually just be quite annoying

(Image credit: Google)

Your Gmail account is set to get a number of welcome security upgrades, but enabling them might mean jumping through several more hoops than expected.

The changes affect what Google calls "sensitive actions" in Gmail, which cover a number of areas, and if the email service detects anything potentially suspicious, the user will be challenged with a "verify it's you" prompt.

In a blog post, Google said the changes will help boost security for users across the platform, but some may find the alerts over-bearing or even suspicious in themselves, potentially leading to even more confusion.

Gmail security boost

Google categorizes sensitive Gmail actions in several categories, each of which it says can allow threat actors or criminals to compromise a user's account:

  • Filters: creating a new filter, editing an existing filter, or importing filters
  • Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings
  • IMAP access: Enabling the IMAP access status from the settingsEmpty list

If any of these are triggered, users will be sent their verification check, which typically takes the form of a two-step verification action such as approving a notification on their paired device, or entering an SMS code.

If the user fails their verification challenge, or doesn't complete it in time,  they are sent a “Critical security alert” notification on their trusted device (pictured below), which the user can employ to lock down their account.

Gmail security alert

(Image credit: Google Workspace)

The feature will be rolling out to all Google Workspace customers and users with personal Google Accounts now, with no end user action required, although Workspace customers will need to have Google as the identity provider, as SAML is not yet supported. 

The news is the latest security update for Gmail in recent months as Google looks to ensure its platform remains safe for users everywhere. Recently, the company added client-side encryption (CSE), a means of protecting and controlling access to personal or corporate data, to Gmail, helping offer an extra layer of protection, as this should mean that no-one can read sent emails or calendar entries but those in an organization and the recipients. 

More from TechRadar Pro

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.