8 Google Workspace User Password Security Practices for Admins

The 8 Practices of Password Security for Google Workspace Admins

See GAT Labs
in action

Table of Contents

MAINTAIN GOOGLE WORKSPACE USER PASSWORD SECURITY (AND ENSURE LOGIN EASE)

Ever thought about how many passwords your users enter every day?

From that first password they use in the morning, to recurrent ones they enter multiple times a day.

Now think about how you (and your users) protect these passwords.

Do you have a bullet-proof process to secure Google Workspace users’ Logins? 

According to Google, 75% of Americans feel frustrated trying to maintain and keep track of their passwords. Meanwhile, stolen passwords are one of the simplest and most common causes of data breaches.

As an admin, you need to strike the right ‘’secure-login-ease’’ balance to ensure a smooth process for your users.

In this post we’ll show you how to achieve that while protecting your users (and domain) against unauthorized Google Workspace access:

The 8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS

 

1. ENABLE TWO-STEP VERIFICATION (2FA)

Two-step verification adds another login protection layer, even if a password becomes known or is brute force

Therefore, you need to push out 2FA to your users, especially admin accounts and users who deal with more sensitive information or are more likely to get attacked.

According to Google, ”A hacker could steal or guess a password, but they can’t reproduce something only you have”.

 

TWO-STEP VERIFICATION BEST PRACTICES

  • Audit which users have 2FA on. Get alerted on disabled 2FA for your users to make sure they’re always protected.
  • Combine 2FA with a managed company phone for additional protection.

 

2.  SECURE IDENTITY VERIFICATION WITH CONSTANT ZERO TRUST MFA

Want ultimate Google Workspace user password security?

Constant user identity verification using Zero-trust MFA is your answer then. 

Zero trust verification extends user login protection from being a ‘once at login’ act, to an ongoing user identity verification process.

The best thing about this approach is that it doesn’t complicate things for your users as it typically relies on biometric authentication (like a user’s unique typing style). 

It automatically works in the background, constantly verifying as the user is logged in, without them having to go through any additional steps.

Remember: Zero Trust= Never Trust, Always verify!

user-password-security-login-Zero-trust-mfa-google-workspace

 

3.  SEND OUT USER PASSWORD SECURITY REMINDERS

FACT: 90% of data breaches are caused by human error or negligence! 

For example, 53% of users use the same passwords for multiple accounts. That’s the perfect recipe for credential stuffing

Simple human errors can often be avoided with constant reminders that stick in, and ultimately raise employees’ security awareness.

That’s why it’s important to send out regular password security reminders to refocus your users’ attention.

BONUS: Share our 10 Dos and Don’ts of Google Workspace Password Security with your users to get the ball running.

 

4. AUDIT USER PASSWORD SECURITY ACTIVITY:

Review suspicious user login activity across your domain regularly. This will help you catch any login-related threats on time.

Here’s what you want to check:

You can use GAT+ to set up location-based alerts for logins from outside whitelisted areas.

 

5. SET UP TIME AND AREA LOGIN CONTROL

Another way to get more granular on users’ login processes is by restricting login based on ‘Time and Area’ windows.

This means that users can only log-in during certain hours you specify, and can only do so from particular locations. 

This more strict type of Login control can be particularly useful for protecting more ‘’at-risk’’ users who have fixed working hours and work from unchanged locations.

Note: You’ll need a 3rd party Google Workspace Security tool to set this up for your users.

 

6. SECURE THIRD-PARTY ACCESS:

Too often users unknowingly give massive access permissions to apps (or extensions) that don’t really need that much access to their Google Workspace account.

This can result in unexpected security breaches.

While user security awareness plays a crucial role here, as an admin you need to:

 

7. WISELY HANDLE COMPROMISED ACCOUNTS:

‘Timely detection’ is one of the most important factors in minimizing the damage a compromised account can cause

SEE: The 4 Tell-tale Signs of a Compromised Google Workspace Account.

After you’ve successfully identified a compromised account, how do you deal with it? — Here’s our recommended drill:

  • Deactivate the account right away.
  • Review and fix any damages/ breaches caused.
  • Reset Password and reactivate the account.
  • Revoke old tokens and cookies.
  • Reset App passwords for all devices used to access this account.
  • Reassign the account to the user.

8. ENFORCE LEAST-PRIVILEGE ACCESS:

The principle of least privilege (PoLP) is an InfoSec concept where a user is given the minimum levels of access – or permissions – needed to carry out his/her job functions.

For example, a user account created for a payroll doesn’t need admin rights, while a programmer doesn’t need access to HR records.

This best practice helps you better audit and protect your Google Workspace domain, and facilitates damage control actions in the event of a breach.

Learn more about enforcing least privilege with role recommendations in Google Cloud.

 

Closing thoughts

Locking your domain’s Google Workspace password security and authentication processes is exactly like securing your company’s virtual gates — You need to make sure the system is impeccable. 

This requires a combination of powerful Google Workspace security and auditing practices that work in line with users’ security awareness to always stay one step ahead.

 

Food for thought: A Passwordless future?

Now that we’ve talked about the importance of passwords, what do you think of a passwordless future? — According to TechRepublic, that passwordless future is already here.

Let us know your thoughts on the subject on help@gatlabs.com 😉.

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Related Posts

Try this Life-Changing Google Workspace Admin Hack
Admin

Try this Life-Changing Google Workspace Admin Hack

Here’s the one hack every Google Workspace admin needs to know: Automate all the things – Why waste time and effort on tasks that can …

Read More
Admin, are you Monitoring these Cloud Security Risks?
Cloud Security

Admin, are you monitoring these cloud security risks?

Do you know which are the most significant cloud security risks and how to deal with them? In a cloud-centric world of instant data sharing …

Read More
Quick guide to Data Loss Prevention for Google Chrome (1)
Chrome browsing

Quick guide to Data Loss Prevention for Google Chrome

Why is Data Loss Prevention for Google Chrome important — and how can admins get it right? In a browser-centric world of perpetual data sharing, …

Read More
Common Google Drive Problems for Admins
Sites

[Solved] 3 Common Google Drive Admin Problems

Make these Google Drive admin problems simpler with smart fixes Google Drive has completely changed the file sharing, storage and collaboration game over the past …

Read More