Google won't let you sign in if you disabled JavaScript in your browser

Google announces for new security features to protect Google accounts.

Google announced today four new security features for securing Google accounts. These four updates are meant to bolster protections before and after users sign into accounts, but also in the case of recovering after a hack.

According to Google's Jonathan Skelker, the first of these protections that Google has rolled out today comes into effect even before users start typing their username and password.

In the coming future, Skelker says that Google won't allow users to sign into accounts if they disabled JavaScript in their browser.

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

Also: 17 ways to recycle or sell your smartphone TechRepublic

This change is likely to impact only a very small number of users --around 0.01 percent according to Google's data-- but it will likely impact bots harder, as many of them run through headless browsers where this feature is turned off for performance reasons. Further, Google also launched reCAPTCHA v3 this week, a new version of its reCAPTCHA technology, which uses JavaScript to compile "risk scores" on a per-user basis. If JavaScript is turned off, this effectively negates reCAPTCHA's capabilities, hence, the reason to prevent users who intentionally disable JavaScript in their browser.

google-javascript-login-alert.png
Image: Google

The second new security feature is related to malicious Android apps that users might have installed on their phones.

Google plans to pull data from Google Play Protect, a security scanner included with the official Google Play Android app, and list all malicious apps that are still installed on a user's Android smartphone.

Also: The first Android phone was an ugly thing, and I loved it CNET

This information will be shown inside the Google Security Checkup section of a Google account in the coming weeks, although this reporter believes this information should be plastered on a user's screen right after he logs into his Google account so that the user can take action as soon as possible.

google-malicious-app-notification.png
Image: Google

The third new feature is related to third-party apps and websites that a user has granted permission to access Google account data in the past.

"We already notify you when you've granted access to sensitive information -- like Gmail data or your Google Contacts -- to third-party sites or apps, and in the next few weeks, we'll expand this to notify you whenever you share any data from your Google Account," Skelker explained today in a blog post.

Also: 13 wacky phones unlike anything you've ever seen

Just like the previous feature, Google plans to list all the third-party apps and websites that gained access to a user's Google data in the soon-to-be-very-crowded Security Checkup section.

google-malicious-app-accessing-data.png
Image: Google

Last but not least is a security feature that Google plans to use after an account hack. This feature is already live and is a new set of procedures for regaining access and re-securing compromised profiles.

The procedure is detailed in this Google support page, and besides just helping users regain access to accounts, it will also help them check financial activity related to Google Pay accounts, review new files added to Gmail or Drive, and secure other accounts at other services that are tied to the main Google account.

This GIF shows a preview of how this new account recovery process works, without you having to trigger one just to find out how it works.

Related coverage: