Here’s why Google is forcing JavaScript use on its sign-on pages

Google rolled out four new security features for account holders, continuing its efforts to give users more autonomy when it comes to protecting their information.
Pixabay -- CC0 Public Domain

Google rolled out four new security features for account holders Wednesday, continuing its efforts to give users more autonomy when it comes to protecting their information.

Among the changes announced is an automatic risk assessment that will be conducted when a user visits a Google sign-on page. The assessment forces a user to turn on JavaScript, otherwise the sign-on form can’t be accessed.

In a blog post, Google Product Manager Jonathan Skelker writes that the vast majority of users already enable JavaScript, but 0.1 percent keep it disabled in order to save bandwidth or reduce page load time.

Among the processes that leverage the extra performance are bots, which often use headless browsers. Those browsers — which allow browser code to be run without a graphical user interface — often ignore JavaScript altogether.


Additionally, Google is expanding notifications to Android users on what data they are sharing with applications. Previously, Google was letting users know if they were sharing particular data, such as Gmail data or Google Contacts. Those notifications will now let users know if they are sharing any data from their Google account.

“It’s really important that you understand the information that has been shared with apps or sites so that we can keep you safe,” Skelker writes.

Another feature will let Google plug data from Google Play Protect — Android’s automated application security software — into the company’s security checkup for users. This will give users another way to check if any malicious third-party apps have been installed on a device.

In the event that an account does get compromised, Google now has a step-by-step process for users to follow that can mitigate damage done with unauthorized account access.

Google will now check if an account user has verified critical security settings and will work to secure other accounts a user may have. The company will also check financial activity through payment methods connected to your account, like a credit card or Google Pay, to see if those methods were abused.


“Online security can sometimes feel like walking through a haunted house—scary, and you aren’t quite sure what may pop up,” Skelker writes. “We are constantly working to strengthen our automatic protections to stop attackers and keep you safe you from the many tricks you may encounter.”


Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts