Google Accounts Get New Verification Feature to Prevent Phishing Attacks
A safe and secured web is the dream of every netizen and Google is working relentlessly to fulfill the dream. As their latest effort, Google has introduced a New Google Account Verification feature to protect users from becoming the victims of phishing attack. This verification feature will make a verification screen appear on screen whenever G Suite users attempt to sign in to their accounts from a third-party site. This security screen will roll out on 7th May of this year. From the very beginning, it will be available to all end users of G Suite. Google’s new verification screen will be available only to those G Suite users who access web using Google Chrome. Let’s learn more about this new verification feature that Google has introduced to save G Suites users from Phishing.
How Does New Google Account Verification Feature Works
The new verification screen will work as an additional layer of security when there are third-party logins using SAML single sign-on (SSO) protocol. SAML SSO does not require any interaction from the users’ end during sign-in process. It instantly makes users sign in to their accounts. That is why most attackers use SAML SSO to lure G Suite users into accessing Google account controlled by the attackers. Now this verification page from accounts.google.com will ask the users if the email account they are about to access truly belongs to them or not. Users can either confirm that the account belongs to them, or they can click on “I don’t recognize this account” link to deny. During the latter situation, users might want to investigate who is trying to trick them into entering a malicious website.
What is the Aim of Google’s New Account Verification Feature
Google has two targets in mind while launching this feature. The first aim of New Google Account Verification is obviously to prevent the abuse of SAML SSO protocol by attackers. Every day, a large number of Internet users fall prey to the phishing attackers by clicking on links spread through emails or social networking websites.
Besides, Google is looking for creating a consistent identity and this feature is a part of it. The consistent identity is the one id that users may use across Google web services and the native services of Chrome web browser. The G Suite users who are already logged in to their account can take advantage of Chrome browser’s native features. However, they will need extra security during authentication that can be provided by new verification screen by Google.
How to Disable New Security Screen
Google is still keeping this New Google Account Verification feature optional as users can disable this feature anytime they want. G Suite admins can disable this feature for their organization by using X-GoogApps-AllowedDomains HTTP header. This header can be used to determine certain domains, users of which can have access to Google services. After the service is disabled, users of those domains will not see the verification screen, as Google will deem those domains trusted by those account users.
Google understands that this New Google Account Verification feature will interrupt the regular activity of the users. However, security of your online account and information comes before everything else. Keeping the user convenience in mind, initially this screen will be shown once per person/device. This screen will not be shown to the people who sign in directly to their G Suite services or on devices with Chrome OS. If you use G Suite or Cloud credentials as your identity, you will be spared from seeing the security screen. Google confirmed that they are working to improve this feature so that users get to see it less often.