A more secure sign-in flow on Wingate’s G-Suite

In order to prevent your account from being hijacked by phishers, starting on May 7th, 2018 (yes, just before the semester ends), after signing in onto Gmail and other G-Suite services from the Wingnet log-in page, you will be brought to a new screen on accounts.google.com to confirm your identity. This screen will provide an additional layer of security and help prevent users from unknowingly signing in to an account created and controlled by an attacker.

To minimize disruption, this feature will only be shown once per account per device. Google is working on ways to make this feature even more context-aware in the future, so that you should see the screen less and less over time.

Protecting against phishing attacks
This new screen is intended to prevent would-be attackers from tricking a user (e.g. via a phishing campaign) into clicking a link that would instantly and silently sign them in to a Google Account the attacker controls. Today, this can be done via SAML single sign-on (SSO), because it doesn’t require a user interaction to complete a sign-in. To protect Chrome users, Google has added this extra protection.

Creating a consistent identity
This new security feature is part of a larger project to create a consistent identity across Google web services (such as Gmail) and native Chrome browser services (like Chrome Sync). This consistency will make it easier for signed-in G-Suite users to take advantage of native Chrome browser features, but it requires additional protection during authentication. This new screen adds that protection and reduces the probability that attackers successfully abuse SAML SSO to sign users in to malicious accounts.