Stronger protection for additional sensitive actions taken in Gmail

Thom Holwerda 2023-08-24 Google 5 Comments

Google is further strengthening its protections around Gmail, and from now on, you’ll have to verify it’s you through whatever 2FA method you prefer. It covers changing settings related to filters, forwarding, and IMAP access.

When these actions are taken, Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a “Verify it’s you” prompt. Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. If a verification challenge is failed or not completed, users are sent a “Critical security alert” notification on trusted devices.

Seems like a good move.

About The Author

Thom Holwerda

Follow me on Mastodon @[email protected]

5 Comments

2023-08-25 12:02 am

sukru
First,

Why do I have to login every other day, along with the annoying, but trivial captcha?

Access Denied
Allow Request
You have been blocked from entering information on this site. In order to prevent this from happening in the future, complete the request below to have the admin add your IP to a list that allows you full access.

Please enter your email address and a short note requesting access here.

That being said…

GMail is moving from original easy and fast interface to a more “Exchange” replacement one. We now have at least 3 different UIs as options in the web app: original (-ish), two column, and horizontal split. We have tabs, app-in-app views (calendar, notes, etc). And overall it takes significantly long times, especially on older machines.

I wish they had an option to have the “old simple web based gmail, without any of the corporate stuff”.

(That being said, yes additional security is good. But I hope they will not lock down IMAP/POP behind an oauth/saml barrier).

2023-08-25 1:05 am

Alfman verbose=1
sukru,

(That being said, yes additional security is good. But I hope they will not lock down IMAP/POP behind an oauth/saml barrier).

You’d know more than me, but didn’t google already did that for free accounts?
https://superuser.com/questions/1708155/how-to-keep-imap-access-to-gmail-after-may-30

I don’t use it personally, but for a corporate job I implemented a process to poll a gmail account over imap. It did not work by default and we needed to take the steps listed above. My understanding was that the option is disabled for regular users without corporate accounts.

2023-08-25 1:17 am

sukru
Alfman,

I did not know they were already moving in that direction. Thanks for the link.

Yet, still there seems to be a way:

Use an App Password: If you use 2-Step Verification, try signing in with an App Password.
Important: If you sign in with OAuth, use your regular Google password.
Allow less secure apps: If you don’t use 2-Step Verification, you might need to allow less secure apps to access your account.

So, if you have 2FA, then an “app password” can be used to enable IMAP (which I was using without knowing this restriction).

This also was something else I did not know, and very concerning (my Inbox is over 28GB, though I normally don’t sync “All Mail”):

Important: To avoid temporarily locking yourself out of your account, make sure you don’t exceed 2500 MB per day for IMAP downloads and 500 MB per day for IMAP uploads. If you’re setting up a single IMAP account on multiple computers, try taking a break between each setup.

2023-08-25 1:10 am

Alfman verbose=1
sukru,

Why do I have to login every other day, along with the annoying, but trivial captcha?

Yes, is osnews aware of the “access denied form” that all of us are seeing on every login and post? It is become a real nuisance for all of us! Also, the “edit comment” feature is broken now too. The osnews account/RSS links are missing too. I’m guessing a wordpress upgrade broke these things recently.

2023-08-25 1:18 am

sukru
So it is not only me. I thought I was singled out for some reason.