Google takes security very seriously, especially when it comes to logging in to your account. Today, the company has announced a new sign-in feature that should help out with upping the security even further.
Nomad case for Pixel 3
Announced in a blog post today, Google is bringing a new sign-in feature to all Google account holders. This new feature asks users to verify that the account they are signing into is, in fact, their own account. Google says that this is designed to prevent attackers from signing users into accounts they don’t control.
This isn’t something that will directly affect all logins, but rather focuses on securing third-party logins, such as those performed by SAML SSO. In short, most users won’t ever see this screen appear.
This new screen is intended to prevent would-be attackers from tricking a user (e.g. via a phishing campaign) into clicking a link that would instantly and silently sign them in to a Google Account the attacker controls. Today, this can be done via SAML single sign-on (SSO), because it doesn’t require a user interaction to complete a sign-in. To protect Chrome users, we’ve added this extra protection.
As you can see pictured below, this extra layer of security simply asks the user to ensure that the account name shown is the account they intend to sign in to. This likely isn’t something you’d run into often, but it’s a nice addition for security. Google says that this feature will only show once per account, per device. It may even be context-aware in the future to prevent even further disruption.
The feature will go live on May 7th and will roll out to applicable users over the course of a few weeks.