gatlabs.com
2.57.88.87  Public Scan

URL: https://gatlabs.com/blogpost/8-password-security-practices-for-admins/
Submission: On April 11 via manual from RS — Scanned from NL

Form analysis 1 forms found in the DOM

POST https://gatlabs.activehosted.com/proc.php

<form method="POST" action="https://gatlabs.activehosted.com/proc.php" id="_form_64351E64481B0_" class="_form _form_64 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="64351E64481B0" data-name="u">
  <input type="hidden" name="f" value="64" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="8d8afdb4d4e349ce3dab229705e5f160" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x44957149 _full_width ">
      <label for="fullname" class="_form-label">Full Name</label>
      <div class="_field-wrapper">
        <input type="text" id="fullname" name="fullname" placeholder="Type your name" data-name="fullname">
      </div>
    </div>
    <div class="_form_element _x08200784 _full_width ">
      <label for="email" class="_form-label">Email*</label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _x88799654 _full_width ">
      <label for="field[17]" class="_form-label">Domain Classification</label>
      <div class="_field-wrapper">
        <select name="field[17]" id="field[17]" data-name="domain_classification_enterprise">
          <option selected=""></option>
          <option value="Enterprise"> Enterprise </option>
          <option value="Government"> Government </option>
          <option value="Non-Profit"> Non-Profit </option>
        </select>
      </div>
    </div>
    <div class="_form_element _x66235675 _full_width ">
      <input type="hidden" name="field[32]" value="2096392712.1681202789" data-name="client_id">
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_64_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
</form>

Text Content

 * Cybersecurity


8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS

 * December 8, 2021

INJY ELDEEB

InfoSec & Tech Blogger, Editor, London School of Journalism.



TABLE OF CONTENTS



 1. THE 8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS
    1. ENABLE TWO-STEP VERIFICATION (2FA)
       * TWO-STEP VERIFICATION BEST PRACTICES
    2. SECURE IDENTITY VERIFICATION WITH CONSTANT ZERO TRUST MFA
    3. SEND OUT USER PASSWORD SECURITY REMINDERS
    4. AUDIT USER PASSWORD SECURITY ACTIVITY
    5. SET UP TIME AND AREA LOGIN CONTROL
    6. SECURE THIRD-PARTY ACCESS
    7. WISELY HANDLE COMPROMISED ACCOUNTS
    8. ENFORCE LEAST-PRIVILEGE ACCESS
 2. CLOSING THOUGHTS

MAINTAIN GOOGLE WORKSPACE USER PASSWORD SECURITY (AND ENSURE LOGIN EASE)

Ever thought about how many passwords your users enter every day?

From that first password they use in the morning, to recurrent ones they enter
multiple times a day.

Now think about how you (and your users) protect these passwords.

Do you have a bullet-proof process to secure Google Workspace users’ Logins? 

> According to Google, 75% of Americans feel frustrated trying to maintain and
> keep track of their passwords. Meanwhile, stolen passwords are one of the
> simplest and most common causes of data breaches.

As an admin, you need to strike the right balance between login security and
login ease to ensure a smooth process for your users.

In this post we’ll show you how to achieve that while protecting your users (and
domain) against unauthorized Google Workspace access:


THE 8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS

 


1. ENABLE TWO-STEP VERIFICATION (2FA)

Two-step verification adds another layer of login protection, even if a password
becomes known or is brute-forced.

Therefore, you need to push out 2FA to your users, especially admin accounts and
users who deal with more sensitive information or are more likely to get
attacked.

According to Google, "A hacker could steal or guess a password, but they can’t
reproduce something only you have".

 

TWO-STEP VERIFICATION BEST PRACTICES

 * Audit which users have 2FA on. Get alerted on disabled 2FA for your users to
   make sure they’re always protected.
 * Combine 2FA with a managed company phone for additional protection.
   

 


2.  SECURE IDENTITY VERIFICATION WITH CONSTANT ZERO TRUST MFA

Want ultimate Google Workspace user password security?

Constant user identity verification using Zero-trust MFA is your answer then. 

Zero trust verification extends user login protection from being a ‘once at
login’ act, to an ongoing user identity verification process.

The best thing about this approach is that it doesn’t complicate things for your
users as it typically relies on biometric authentication (like a user’s unique
typing style). 

It works automatically in the background, continuously verifying the user's
identity while they are logged in, without them having to go through any
additional steps.

Remember: Zero Trust = Never Trust, Always Verify!



 


3.  SEND OUT USER PASSWORD SECURITY REMINDERS


FACT: 90% of data breaches are caused by human error or negligence! 

For example, 53% of users use the same passwords for multiple accounts. That’s
the perfect recipe for credential stuffing. 

Simple human errors can often be avoided with constant reminders that stick,
and ultimately raise employees’ security awareness.


That’s why it’s important to send out regular password security reminders to
refocus your users’ attention.

BONUS: Share our 10 Dos and Don’ts of Google Workspace Password Security with
your users to get the ball rolling.

 


4. AUDIT USER PASSWORD SECURITY ACTIVITY:

Review suspicious user login activity across your domain regularly. This will
help you catch any login-related threats in time.

Here’s what you want to check:


 * User accounts audit log: Review events such as account password changes and
   recovery email changes, along with details like the IP address associated
   with each action.
 * User login attempts report: Audit failed login events regularly to spot
   account compromise attempts in time.
 * Failed device password attempts report: Monitor the number of failed login
   attempts on your company devices during a specified time range.
 * Logins from unexpected areas: This is another area you want to audit,
   especially when you have users working remotely from different places around
   the world.

You can use GAT+ to set up location-based alerts for logins from outside
whitelisted areas.

 


5. SET UP TIME AND AREA LOGIN CONTROL

Another way to get more granular on users’ login processes is by restricting
login based on ‘Time and Area’ windows.

This means that users can only log in during the hours you specify, and can
only do so from particular locations.

This stricter type of login control can be particularly useful for protecting
more "at-risk" users who have fixed working hours and work from unchanged
locations.

Note: You’ll need a third-party Google Workspace security tool to set this up
for your users.

 


6. SECURE THIRD-PARTY ACCESS:

Too often users unknowingly give massive access permissions to apps (or
extensions) that don’t really need that much access to their Google Workspace
account.

This can result in unexpected security breaches.

While user security awareness plays a crucial role here, as an admin you need
to:

 * Use Google’s app access control to determine which apps can access sensitive
   domain data.
 * Control access to less secure apps. You can allow users to turn access to
   less secure apps on or off, or disable their ability to allow less secure
   apps altogether.
 * Allow or block apps and extensions in Google Chrome.

 


7. WISELY HANDLE COMPROMISED ACCOUNTS:


‘Timely detection’ is one of the most important factors in minimizing the damage
a compromised account can cause.

SEE: The 4 Tell-tale Signs of a Compromised Google Workspace Account.

After you’ve successfully identified a compromised account, how do you deal with
it? — Here’s our recommended drill:


 * Deactivate the account right away.
 * Review and fix any damage or breaches caused.
 * Reset the password and reactivate the account.
 * Revoke old tokens and cookies.
 * Reset App passwords for all devices used to access this account.
 * Reassign the account to the user.


8. ENFORCE LEAST-PRIVILEGE ACCESS:

The principle of least privilege (PoLP) is an InfoSec concept where a user is
given the minimum levels of access – or permissions – needed to carry out
his/her job functions.

For example, a user account created for payroll doesn’t need admin rights,
while a programmer doesn’t need access to HR records.

This best practice helps you better audit and protect your Google Workspace
domain, and facilitates damage control actions in the event of a breach.

Learn more about enforcing least privilege with role recommendations in Google
Cloud.

 

CLOSING THOUGHTS



Locking down your domain’s Google Workspace password security and
authentication processes is exactly like securing your company’s virtual gates:
you need to make sure the system is impeccable.

This requires a combination of powerful Google Workspace security and
auditing practices that work in line with users’ security awareness to always
stay one step ahead.

 

Food for thought: A Passwordless future?

Now that we’ve talked about the importance of passwords, what do you think of a
passwordless future? — According to TechRepublic, that passwordless future is
already here.

Let us know your thoughts on the subject at help@gatlabs.com.

© Copyright 2010 – 2022 | All Rights Reserved | Powered by General Audit Tool
