Password Security for Google Workspace Users: 10 Do’s and Don’ts

The Does and Donts of password security for Google Workspace Users

See GAT Labs
in action

Table of Contents

YOUR GOOGLE WORKSPACE ACCOUNT IS A BIG TARGET FOR CYBERCRIMINALS, HERE’S WHY.

You may be wondering, why would a hacker be after my account anyway? — Simple, to make money, access sensitive data, sneak on to your company’s entire Google Workspace domain from there, OR WORSE, steal your identity.

HOW?  

By launching things like Ransomware attacks, Distributed Denial of Service (DDoS), account Hijacking, and much more.

Whether you work at an educational institution, SMB or a large organisation – deal with sensitive data or not- you need to stay extra vigilant about how you protect, store and use your Google password.

REMEMBER: Passwords are what gives access to important systems or data, and stands between that information and a hacker trying to steal it.

 

PASSWORD SECURITY FOR GOOGLE WORKSPACE USERS: 10 DO’S AND DON’TS

 

1. DON’T USE WEAK PASSWORDS (#Given)

FACT: The more complex the password, the more attempts needed to guess it.

According to The Conversation, ‘’A computer can guess more than 100,000,000,000 passwords/ second — Still think yours is secure?’’

DO STICK TO THE ANATOMY OF A STRONG PASSWORD:

Password security for Google Workspace Users

 

2. DON’T USE THE SAME PASSWORD FOR DIFFERENT ACCOUNTS

FACT: 53% of people use the same passwords for both work and personal accounts. It’s just more convenient. 

You know this. I know this. The hacker knows this.

That’s why, using simple password hacking methods like Credential stuffing, hackers can easily guess your Google Workspace password if they happen to crack your login credentials for any of those other online accounts.

DO CREATE A UNIQUE PASSWORD for every account, especially your Google Workspace accountThat way, even if one account is compromised, the others are safe.

 

3. DON’T FORGET TO TURN 2-STEP VERIFICATION ON

FACT: A hacker can never steal something only you have.

2-step Verification adds another important layer of login security to your Google Workspace account. 

With it,  you’ll sign in to your account in two steps using your password, and something only you have (your phone or a Security Key).

DO PROTECT YOUR ACCOUNT WITH 2-STEP VERIFICATION, here’s how.

Note: Want to add even another layer of login security? Multi-Factor Authentication (MFA), hands down, is also one of the best ways to do so. Read more.

 

4. DON’T RELY ON MEMORY LANE

FACT: 53% of people rely on their memory to remember passwords.

That results in a tendency to re-use the same login credentials for different digital services, create weak or guessable passwords, etc.

With a password manager, however,  you can create more complex and unique passwords without worrying about forgetting them.

You’ll notice right away how this will help you improve Password Security for Google Workspace.

✅DO USE PASSWORD MANAGERS

Checkout Google’s Password Manager or TechRadar’s list of best password managers for 2021.

 

5. DON’T FORGET TO LOGOUT BEFORE YOU LEAVE

FACT: Human error plays role in 95% of data breaches.

Ever left your device unattended while logged into your Google account to quickly answer the door or grab a snack? — Well, most of us have.

But that’s as dangerous as leaving your car unlocked with the key inside. Anyone can jump in and take a quick drive through your account.

DO REMEMBER TO LOCK YOUR DEVICE. Even when leaving your device for as little as one minute (and never leave your device unattended in public places).

DO LOGOUT OF UNTRUSTED DEVICES. If you happen to access your account (for any reason) from a device that’s not yours.

DO PAY ATTENTION TO WHERE YOU STAY LOGGED IN. (By adding or removing trusted devices.)

DO SIGN OUT OF LOST/ STOLEN DEVICES immediately.

 

6. DON’T USE OUTDATED ACCOUNT RECOVERY EMAILS/ PHONE NUMBERS

FACT: Your account recovery email/phone is the second key the bad guy needs to get in when the first attempts fail.

Ask yourself, is this recovery email safe if I ever get hacked? What about my phone, do I still need to update my account with a new phone number? 

These are the kind of questions that matter the most if a cyber-crisis ever hits.

DO REVIEW AND SECURE YOUR GOOGLE ACCOUNT RECOVERY EMAIL/ PHONE  from here.

 

7. DON’T GIVE UNNECESSARY ACCOUNT ACCESS TO TOOLS AND EXTENSIONS

FACT: Just like many people don’t read the ‘Terms and Conditions’, many don’t review the access permissions they give tools and extensions to their account.

DO ASK YOURSELF: DOES IT REALLY NEED THAT MUCH ACCESS TO MY ACCOUNT?

Does this flight booking tool really need access to my Drive, Contacts and Email, for example?

By clicking ‘Allow’ without reviewing the access permissions you’re giving you’re practically inviting strangers in, without even realising it.

 

8. NEVER DISCLOSE YOUR PASSWORD TO ANYONE

FACT: More than 90% of successful cyber attacks worldwide begin with a phishing email.

Sharing is caring, but not when it comes to your Google Workspace account security.

Treat your Google password as your SSN or Identity number, NEVER DISCLOSE IT.

DO CHECK FOR SIGNS OF PHISHING SCAMS. Make sure you enter passwords only on trusted and verified platforms.

 

9. NEVER WRITE DOWN YOUR GOOGLE PASSWORD, ANYWHERE

FACT: 42% of organizations rely on sticky notes for password management. 

As we mentioned above, only use password managers to store and track passwords. 

❎DON’T WRITE PASSWORDS DOWN. Whether physically or electronically.

 

10. DON’T FORGET THESE GOOGLE’S PASSWORD SECURITY TOOLS

FACT: Sometimes simple tools can go a long way!

DO use these TWO Google Tools to improve your Google Workspace Password Security:  

  1. Google’s Password Checkup tool 
  2. Google’s Password Alert for Phishing

 

SUMMARY

Data has become the most valuable resource today, which makes your Google Workspace account an attractive target for cybercriminals.

To improve Password Security for Google Workspace and protect your account from unauthorized access make sure to:

  • Use long complex passwords
  • Use a unique password for every account
  • Turn 2-step verification on
  • Logout of untrusted devices
  • Use Password Managers
  • Don’t disclose or write down passwords anywhere
  • Use Trusted Password Security tools
  • Lock your devices when unattended
  • Review the access permissions you give tools and extensions
  • Update your account recovery details

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Related Posts

Try this Life-Changing Google Workspace Admin Hack
Admin

Try this Life-Changing Google Workspace Admin Hack

Here’s the one hack every Google Workspace admin needs to know: Automate all the things – Why waste time and effort on tasks that can …

Read More
Admin, are you Monitoring these Cloud Security Risks?
Cloud Security

Admin, are you monitoring these cloud security risks?

Do you know which are the most significant cloud security risks and how to deal with them? In a cloud-centric world of instant data sharing …

Read More
Quick guide to Data Loss Prevention for Google Chrome (1)
Chrome browsing

Quick guide to Data Loss Prevention for Google Chrome

Why is Data Loss Prevention for Google Chrome important — and how can admins get it right? In a browser-centric world of perpetual data sharing, …

Read More
Common Google Drive Problems for Admins
Sites

[Solved] 3 Common Google Drive Admin Problems

Make these Google Drive admin problems simpler with smart fixes Google Drive has completely changed the file sharing, storage and collaboration game over the past …

Read More