fbpx

New Option to Make Security Codes More Secure

New Option to Make Security Codes More Secure2019-12-09T13:36:52+00:00

Project Description

📖 2 mins read

What’s changing 

Google is giving you another option to determine how security codes can be used in your organization. A security code is a one-time use code, generated using a security key, that can be used to log in on legacy platforms where security keys aren’t supported directly.

With this launch Google is adding an option to restrict the use of codes to the same device or network that they were generated on.

Who’s impacted

Admins and end users

Why you’d use it

Since Google introduced security codes in June 2019, the company observed that they’re most commonly used with applications that use legacy authentication on devices that are capable of supporting Chrome or other browsers that allow security keys. The new restricted security code option allows that use case to be satisfied while reducing some potential vulnerabilities. Unrestricted codes will still be available for users who need them (such as those using remote servers or virtual machines).

How to get started

Admins: Customers can turn this feature on at Admin console > Security > Advanced security settings. Use Google’s Help Center to find out more about security codes.
End users: No action needed.

Additional details

Three security code settings available to Google Workspace admins 
With this launch, there will be three options for security codes:

  • Don’t allow users to generate security codes. Users can’t generate security codes. This was previously available, and was the default setting.
  • Allow security codes without remote access. Users can generate security codes and use them on the same device or local network (NAT or LAN). This is a new option, and replaces the don’t allow security codes as the default setting for new Google Workspace customers.
  • Allow security codes with remote access. Users can generate security codes and use them on the same device or local network (NAT or LAN), as well as other devices or networks, such as when accessing a remote server or a virtual machine. The earlier version of security codes was effectively the same as this.

No impact to existing users 
This launch won’t change the user experience unless an admin changes a setting in the Admin console. Specifically,

  • Users who are currently assigned “Don’t allow security codes” will now be assigned “Don’t allow users to generate security codes” and will still not be able to use security codes.
  • Users who are currently assigned “Allow use of security codes,” will now be assigned “Allow security codes with remote access” and will be able to use security codes in the same way as before.

Use Google’s Help Center to learn more about security codes and 2-Step Verification.

Security codes and the Advanced Protection Program for the enterprise 
You can control security code use separately for your users in the Advanced Protection Program for the enterprise. Security code settings for those users are determined by controls at Admin console > Security > Advanced Protection Program. Settings for security code use here will override regular settings for those users. Read more about the Advanced Protection Program for the enterprise.

Availability

Rollout details 

Google Workspace editions 

  • Available to all Google Workspace editions.

On/off by default? 

  • This feature will be OFF by default and can be customized on the domain, OU, or group level.
Thanks for sharing and spreading the word!
Go to Top