Gmail only asks for user credentials on initial login, and that login session can last for weeks at a time.
This is of course not as secure as it could be, so soon Gmail will start showing you 2FA challenges if you try to access any "sensitive" settings, even when you are already logged in.
The last protected settings that we will see in Gmail concern certain functions such as filters, account forwarding and IMAP.
Soon, using any of these options will show you a 2FA prompt “Verify it's you” and then you'll have to wait for the challenge to phone (these settings are only available on the web).
If this 2FA challenge fails or is not answered, you will see a bright red “Critical Security Alert” popup alerting you of the failed attempt on all trusted Appliances you.
This security popup will help you stop hackers who want to hack your account. If someone steals your laptop or activates a malicious remote application surfaceof work and you are already signed in to Gmail, the pop-up will keep the attacker away from sensitive settings.
Filters are a security risk, as many other sites notify you of sensitive changes to your account with an email, and a common step attackers take is to try to hide these emails.
Forwarding and IMAP copy your incoming email to other places and could allow the users silently spy on you or steal email credentials.