Today I got the following notification on my Android phone, allegedly from Google:
I haven't typed my Google password on my phone recently, nor has my account changed. Hmm. I saw a few possibilities:
Google legitimately wants me to re-enter my password, but their notice is wrong.
Phishing, though there's no obvious vector (no recent apps or suspicious web sites).
Compromised account, though that seemed very unlikely. (I use a very strong password for Google.)
When I got home (and thus to another computer) I verified that #3 was not the case. I then began searching for explanations for this notice. I had a wisdom of the ancients moment -- people have been having this problem since at least 2014, but no solutions were extant. I saw enough to decide that the notice really was from Google (so, #1) and re-entered my password, and lo, email returned to my phone.
So what was that? It's ok with me if Google wants to require re-authentication periodically on small, stealable devices with access to significant personal information, but if that's what happened, couldn't they tell us?