Now Google is updating the two-factor notification pop-ups to be more descriptive so you can be more careful. Traditionally, the pop-up simply asked if you were trying to sign in to your Google account from another device and gave a simple yes or no option. But the new layout gives much more information, including: the browser and operating system of the device being used, the location and IP address, and the time at which the sign-in was attempted. That should make it much easier to spot when someone unauthorized is trying to get into your account.
Unfortunately, it's a bit unclear when you'll see the feature on your phone. Google is starting the rollout with its G-Suite enterprise users before moving on to consumer users. Google even specifically noted that the rollout could be "longer than 3 days", so we'll have to see what that means.
Still, if you're not using this two-factor authentication option from Google, it's something to consider. People often focus on protecting logins for things like banking accounts, but it's important to keep in mind that if someone gets into your email account and hits that "Forgot password" on any other site, that's a very big problem.
source: Google Blog