Google won't let you sign in if you disabled JavaScript in your browser

Google announces for new security features to protect Google accounts.

Video: Google's vision for machine learning in its G Suite

This article originally appeared on ZDNet.

Google announced today four new security features for securing Google accounts. These four updates are meant to bolster protections before and after users sign into accounts, but also in the case of recovering after a hack.

According to Google's Jonathan Skelker, the first of these protections that Google has rolled out today comes into effect even before users start typing their username and password.

In the coming future, Skelker says that Google won't allow users to sign into accounts if they disabled JavaScript in their browser.

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

This change is likely to impact only a very small number of users --around 0.01 percent according to Google's data-- but it will likely impact bots harder, as many of them run through headless browsers where this feature is turned off for performance reasons.

Image: Google

The second new security feature is related to malicious Android apps that users might have installed on their phones.

Google plans to pull data from Google Play Protect, a security scanner included with the official Google Play Android app, and list all malicious apps that are still installed on a user's Android smartphone.

This information will be shown inside the Google Security Checkup section of a Google account in the coming weeks, although this reporter believes this information should be plastered on a user's screen right after he logs into his Google account so that the user can take action as soon as possible.

Image: Google

The third new feature is related to third-party apps and websites that a user has granted permission to access Google account data in the past.

"We already notify you when you've granted access to sensitive information -- like Gmail data or your Google Contacts -- to third-party sites or apps, and in the next few weeks, we'll expand this to notify you whenever you share any data from your Google Account," Skelker explained today in a blog post.

Just like the previous feature, Google plans to list all the third-party apps and websites that gained access to a user's Google data in the soon-to-be-very-crowded Security Checkup section.

Image: Google

Last but not least is a security feature that Google plans to use after an account hack. This feature is already live and is a new set of procedures for regaining access and re-securing compromised profiles.

The procedure is detailed in this Google support page, and besides just helping users regain access to accounts, it will also help them check financial activity related to Google Pay accounts, review new files added to Gmail or Drive, and secure other accounts at other services that are tied to the main Google account.

This GIF shows a preview of how this new account recovery process works, without you having to trigger one just to find out how it works.

Also see

By Catalin Cimpanu

Catalin Cimpanu is a security reporter at ZDNet, where he covers cyber-security, data breaches, hacking, and other related topics. He previously served as security reporter for Bleeping Computer and Softpedia. Catalin is based in Romania.