Google today announced a new change that is coming to Chrome which looks to add an additional level of security to proceedings. However, this is not going to be something that most individual users will encounter or even need to be aware of. This is due to the change relating to the use of Security Assertion Markup Language (SAML). This is largely considered to be the standard protocol used for third-party authentication pages and is therefore likely to be used by a number of businesses and organizations that have a sign-in process as part of gaining access to a site. It is in these instances where the change will primarily be seen and why the announcement came through the company’s G Suite blog, in contrast to a dedicated Chrome announcement - in spite of this being a Chrome-wide change.
Starting from May 7 those signing in to a site which uses SAML as an authentication process will be redirected to a more typical ‘Google login’-looking page to verify who they are once more. The page itself will not actually require the user to login to their Google account, but confirm the account that is being used at the time is the correct Google account. Google states this is a necessary feature noting how it is possible for attackers to make use of Google accounts they control to be signed in to when clicking links, such as with a phishing campaign. With this new measure in place the logging in process via SAML will announce the user’s Google account to the user and therefore any inconsistencies will be noticeable before an issue arises.
Google understands that this might seem like a burdensome task for businesses, organisations, and their associates, and therefore Google has confirmed the use of the extra level of security will only need to be verified once per account (person), per device. Likewise, business and organizations will have the option of disabling the feature altogether if the sites accessed using SAML are trusted enough to begin with. In addition, those businesses and organizations which primarily use Chromebooks and Chrome OS in general will not be affected, as while this change is occurring to Chrome as a whole, it is not to Chrome OS - due to the more unique nature of the operating system. As mentioned, this will also not affect individual users.