Posts

Making Google prompt the primary choice for 2-Step Verification

/in

In July, we began inviting users to try Google prompt as their 2-Step Verification (2SV) method, instead of SMS text messages. Google prompt is an easier and more secure method of authenticating an account, and it respects mobile policies enforced on employee devices.

Sign In- Google Prompt

With that in mind, we’re now making Google prompt the first choice when users turn on 2SV (previously, SMS was the primary choice). Once 2SV is enabled, users will still have the option to set up SMS, the Google Authenticator app, backup codes, or Security Keys as their alternative second step.

My Account

This will only impact users who have not yet set up 2SV. Current 2SV users’ settings will be unaffected. In addition, if a user attempts to set up 2SV but doesn’t have a compatible mobile device, he or she will be prompted to use SMS as their authentication method instead.

Users can set up 2SV from their My Account page.

A few things to note:

  • A data connection is required to use Google prompt.
  • Users with iOS devices will need to install the Google app in order to use Google prompt.
  • G Suite Enterprise domains can choose to enforce Security Keys to meet more advanced security requirements.
Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

New built-in Gmail protection to combat malware in attachments

/in
Today we announced new security features for Gmail customers, including early phishing detection using machine learning, click-time warnings for malicious links, and unintended external reply warnings. In addition, we have also updated our defences against malicious attachments.

Let’s take a deeper look at the new defences against malicious attachments. We now correlate spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants. These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware.

In addition, we block the use of file types that carry a high potential for security risks including executable and javascript files.

Machine learning has helped Gmail achieve more than 99% accuracy in spam detection, and with these new protections, we’re able to reduce your exposure to threats by confidently rejecting hundreds of millions of additional messages every day.

Constantly improving our automatic protections

These new changes are just the latest in our ongoing work to improve our protections as we work to keep ahead of evolving threats. For many years, scammers have tried to use dodgy email attachments to sneak past our spam filters, and we’ve long blocked this potential abuse in a variety of ways, including:

  • Rejecting the message and notifying the sender if we detect a virus in an email.
  • Preventing you from sending a message with an infected attachment.
  • Preventing you from downloading attachments if we detect a virus.

While the bad guys never rest, neither do we.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1-3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

 

Reference by Google.com