Stronger protection for additional sensitive actions taken in Gmail
Google is further strengthening its protections around Gmail, and from now on, you'll have to verify it's you through whatever 2FA method you prefer. It covers changing settings related to filters, forwarding, and IMAP access.
When these actions are taken, Google will evaluate the session attempting the action, and if it's deemed risky, it will be challenged with a Verify it's you" prompt. Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. If a verification challenge is failed or not completed, users are sent a Critical security alert" notification on trusted devices.
Seems like a good move.