Alphabet’s (NASDAQ: GOOGL) Google unit has announced that it will no longer be allowing sign-in attempts that don’t take place within a dedicated web browser. According to the company, the change will start in June and web developers are already being encouraged to make the change. Google says the move will add an extra layer of cyber security and makes account access more secure for Gmail users.
Google currently lets you use your Gmail username and password to connect to any website that supports it. This is convenient for many users, as it avoids creating more usernames and passwords than they can remember. But now Google is saying that the feature puts users at unneeded risk.
Of particular concern are phishing attacks is known as Man in the middle (MITM) attacks. These attacks capture the user’s credentials to impersonate them online. Because the actual login page is embedded inside another one that acts as a relay, Google can’t differentiate between someone attempting to phish an account and the legitimate owner. To solve the issue, Google will now block sign-in attempts from embedded pages altogether.
Over the last decade, phishing scams have become increasingly more sophisticated to prevent detection. The phishing process can be used with any site and have spread across the internet rapidly through the last several years. Experts say that the best way to not become a victim is to always check the address of the website you are using before entering your credentials.
In recent months, Google has enhanced a number of security features to help protect its users from phishing attacks. One new feature is a “safe browsing” features that notifies users when they’re browsing a potentially harmful website. Another feature notifies users when a new device is used to sign into their account. More features dealing with cyber security are reportedly in the works.