8 Google Workspace User Password Security Practices for Admins

The 8 Practices of Password Security for Google Workspace Admins

See GAT Labs
in action

Table of Contents

MAINTAIN GOOGLE WORKSPACE USER PASSWORD SECURITY (AND ENSURE LOGIN EASE)

Ever thought about how many passwords your users enter every day?

From that first password they use in the morning, to recurrent ones they enter multiple times a day.

Now think about how you (and your users) protect these passwords.

Do you have a bullet-proof process to secure Google Workspace users’ Logins? 

According to Google, 75% of Americans feel frustrated trying to maintain and keep track of their passwords. Meanwhile, stolen passwords are one of the simplest and most common causes of data breaches.

As an admin, you need to strike the right ‘’secure-login-ease’’ balance to ensure a smooth process for your users.

In this post we’ll show you how to achieve that while protecting your users (and domain) against unauthorized Google Workspace access:

The 8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS

 

1. ENABLE TWO-STEP VERIFICATION (2FA)

Two-step verification adds another login protection layer, even if a password becomes known or is brute force

Therefore, you need to push out 2FA to your users, especially admin accounts and users who deal with more sensitive information or are more likely to get attacked.

According to Google, ”A hacker could steal or guess a password, but they can’t reproduce something only you have”.

 

TWO-STEP VERIFICATION BEST PRACTICES

  • Audit which users have 2FA on. Get alerted on disabled 2FA for your users to make sure they’re always protected.
  • Combine 2FA with a managed company phone for additional protection.

 

2.  SECURE IDENTITY VERIFICATION WITH CONSTANT ZERO TRUST MFA

Want ultimate Google Workspace user password security?

Constant user identity verification using Zero-trust MFA is your answer then. 

Zero trust verification extends user login protection from being a ‘once at login’ act, to an ongoing user identity verification process.

The best thing about this approach is that it doesn’t complicate things for your users as it typically relies on biometric authentication (like a user’s unique typing style). 

It automatically works in the background, constantly verifying as the user is logged in, without them having to go through any additional steps.

Remember: Zero Trust= Never Trust, Always verify!

user-password-security-login-Zero-trust-mfa-google-workspace

 

3.  SEND OUT USER PASSWORD SECURITY REMINDERS

FACT: 90% of data breaches are caused by human error or negligence! 

For example, 53% of users use the same passwords for multiple accounts. That’s the perfect recipe for credential stuffing

Simple human errors can often be avoided with constant reminders that stick in, and ultimately raise employees’ security awareness.

That’s why it’s important to send out regular password security reminders to refocus your users’ attention.

BONUS: Share our 10 Dos and Don’ts of Google Workspace Password Security with your users to get the ball running.

 

4. AUDIT USER PASSWORD SECURITY ACTIVITY:

Review suspicious user login activity across your domain regularly. This will help you catch any login-related threats on time.

Here’s what you want to check:

You can use GAT+ to set up location-based alerts for logins from outside whitelisted areas.

 

5. SET UP TIME AND AREA LOGIN CONTROL

Another way to get more granular on users’ login processes is by restricting login based on ‘Time and Area’ windows.

This means that users can only log-in during certain hours you specify, and can only do so from particular locations. 

This more strict type of Login control can be particularly useful for protecting more ‘’at-risk’’ users who have fixed working hours and work from unchanged locations.

Note: You’ll need a 3rd party Google Workspace Security tool to set this up for your users.

 

6. SECURE THIRD-PARTY ACCESS:

Too often users unknowingly give massive access permissions to apps (or extensions) that don’t really need that much access to their Google Workspace account.

This can result in unexpected security breaches.

While user security awareness plays a crucial role here, as an admin you need to:

 

7. WISELY HANDLE COMPROMISED ACCOUNTS:

‘Timely detection’ is one of the most important factors in minimizing the damage a compromised account can cause

SEE: The 4 Tell-tale Signs of a Compromised Google Workspace Account.

After you’ve successfully identified a compromised account, how do you deal with it? — Here’s our recommended drill:

  • Deactivate the account right away.
  • Review and fix any damages/ breaches caused.
  • Reset Password and reactivate the account.
  • Revoke old tokens and cookies.
  • Reset App passwords for all devices used to access this account.
  • Reassign the account to the user.

8. ENFORCE LEAST-PRIVILEGE ACCESS:

The principle of least privilege (PoLP) is an InfoSec concept where a user is given the minimum levels of access – or permissions – needed to carry out his/her job functions.

For example, a user account created for a payroll doesn’t need admin rights, while a programmer doesn’t need access to HR records.

This best practice helps you better audit and protect your Google Workspace domain, and facilitates damage control actions in the event of a breach.

Learn more about enforcing least privilege with role recommendations in Google Cloud.

 

Closing thoughts

Locking your domain’s Google Workspace password security and authentication processes is exactly like securing your company’s virtual gates — You need to make sure the system is impeccable. 

This requires a combination of powerful Google Workspace security and auditing practices that work in line with users’ security awareness to always stay one step ahead.

 

Food for thought: A Passwordless future?

Now that we’ve talked about the importance of passwords, what do you think of a passwordless future? — According to TechRepublic, that passwordless future is already here.

Let us know your thoughts on the subject on help@gatlabs.com 😉.

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Related Posts

Admin

Google Workspace Admins’ Most Liked Blog Posts in 2022

Google Workspace Admin, are you a lifelong learning fan?  If so, you are in good hands. Instead of looking for learning opportunities blindly somewhere, take …

Read More
Admin

New Year Gmail Clean-Up for Google Admins

It’s a moment of truth, Google Workspace Admin – did your domain users finish 2022 with a mess in their Gmail? If you said “yes”, …

Read More
Admin

Christmas Phishing Emails you Need to Watch out for

Every year online hackers improve their methods of tricking to use them during the festive season. Christmas phishing emails are one of the gifts no …

Read More
Admin

True or False? 4 Questions for Google Workspace Admin

Google Workspace Admin may have and receive a lot of questions about this tool and we totally understand that – it’s a complex package of …

Read More