Back in May, Google communicated the upcoming launch of login challenges–a new feature aimed at keeping domain accounts safe from hijackers, even if they have attained a user’s username and password. The login challenges feature was rolled out slowly over the past few weeks, and impacted a large number of domains this week. The initial intent was not to expose this feature to users with 2-Step Verification enabled and domains using SSO. While the challenge feature is not enabled for domains using SSO, many users in these domains did see a prompt to enter their phone number as a means of verifying their identity in the future. This understandably caused confusion and led to escalations to admins. Upon hearing of this confusion, the launch of the interstitial prompt was temporarily rolled back for all domains until SSO domains can be fully excluded, at which point it will be relaunched. Google is passionate about keeping their users’ information safe and secure, so they do plan to enable login challenges for domains using SSO later this year. Furthermore, enabling 2-Step Verification provides the highest level of protection for users, so they encourage domains to take advantage of this offering to protect their data.
For more information:
LATEST 