gatlabs.com
2.57.88.87
Public Scan
URL: https://gatlabs.com/blogpost/8-password-security-practices-for-admins/
Submission: On April 11 via manual from RS — Scanned from NL
Form analysis
1 forms found in the DOM
POST https://gatlabs.activehosted.com/proc.php
<form method="POST" action="https://gatlabs.activehosted.com/proc.php" id="_form_64351E64481B0_" class="_form _form_64 _inline-form _dark" novalidate="">
<input type="hidden" name="u" value="64351E64481B0" data-name="u">
<input type="hidden" name="f" value="64" data-name="f">
<input type="hidden" name="s" data-name="s">
<input type="hidden" name="c" value="0" data-name="c">
<input type="hidden" name="m" value="0" data-name="m">
<input type="hidden" name="act" value="sub" data-name="act">
<input type="hidden" name="v" value="2" data-name="v">
<input type="hidden" name="or" value="8d8afdb4d4e349ce3dab229705e5f160" data-name="or">
<div class="_form-content">
<div class="_form_element _x44957149 _full_width ">
<label for="fullname" class="_form-label">Full Name</label>
<div class="_field-wrapper">
<input type="text" id="fullname" name="fullname" placeholder="Type your name" data-name="fullname">
</div>
</div>
<div class="_form_element _x08200784 _full_width ">
<label for="email" class="_form-label">Email*</label>
<div class="_field-wrapper">
<input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
</div>
</div>
<div class="_form_element _x88799654 _full_width ">
<label for="field[17]" class="_form-label">Domain Classification</label>
<div class="_field-wrapper">
<select name="field[17]" id="field[17]" data-name="domain_classification_enterprise">
<option selected=""></option>
<option value="Enterprise"> Enterprise </option>
<option value="Government"> Government </option>
<option value="Non-Profit"> Non-Profit </option>
</select>
</div>
</div>
<div class="_form_element _x66235675 _full_width ">
<input type="hidden" name="field[32]" value="2096392712.1681202789" data-name="client_id">
</div>
<div class="_button-wrapper _full_width"><button id="_form_64_submit" class="_submit" type="submit">Submit</button></div>
<div class="_clear-element"></div>
</div>
<div class="_form-thank-you" style="display:none;"></div>
</form>
Text Content
Cybersecurity

8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS

December 8, 2021
INJY ELDEEB, InfoSec & Tech Blogger, Editor, London School of Journalism.

MAINTAIN GOOGLE WORKSPACE USER PASSWORD SECURITY (AND ENSURE LOGIN EASE)

Ever thought about how many passwords your users enter every day? From that first password they use in the morning, to recurrent ones they enter multiple times a day. Now think about how you (and your users) protect these passwords. Do you have a bullet-proof process to secure Google Workspace users' logins?

> According to Google, 75% of Americans feel frustrated trying to maintain and
> keep track of their passwords. Meanwhile, stolen passwords are one of the
> simplest and most common causes of data breaches.

As an admin, you need to strike the right "secure-login-ease" balance to ensure a smooth process for your users. In this post we'll show you how to achieve that while protecting your users (and domain) against unauthorized Google Workspace access:

THE 8 GOOGLE WORKSPACE USER PASSWORD SECURITY PRACTICES FOR ADMINS

1. ENABLE TWO-STEP VERIFICATION (2FA)

Two-step verification adds another login protection layer, even if a password becomes known or is brute-forced. Therefore, you need to push out 2FA to your users, especially admin accounts and users who deal with more sensitive information or are more likely to get attacked. According to Google, "A hacker could steal or guess a password, but they can't reproduce something only you have".

TWO-STEP VERIFICATION BEST PRACTICES

* Audit which users have 2FA on. Get alerted on disabled 2FA for your users to make sure they're always protected.
* Combine 2FA with a managed company phone for additional protection.

2. SECURE IDENTITY VERIFICATION WITH CONSTANT ZERO TRUST MFA

Want ultimate Google Workspace user password security? Constant user identity verification using Zero Trust MFA is your answer, then. Zero Trust verification extends user login protection from being a "once at login" act to an ongoing user identity verification process.

The best thing about this approach is that it doesn't complicate things for your users, as it typically relies on biometric authentication (like a user's unique typing style). It automatically works in the background, constantly verifying while the user is logged in, without them having to go through any additional steps.

Remember: Zero Trust = Never Trust, Always Verify!

3. SEND OUT USER PASSWORD SECURITY REMINDERS

FACT: 90% of data breaches are caused by human error or negligence! For example, 53% of users use the same passwords for multiple accounts. That's the perfect recipe for credential stuffing.

Simple human errors can often be avoided with constant reminders that stick, and ultimately raise employees' security awareness. That's why it's important to send out regular password security reminders to refocus your users' attention.

BONUS: Share our 10 Dos and Don'ts of Google Workspace Password Security with your users to get the ball rolling.

4. AUDIT USER PASSWORD SECURITY ACTIVITY:

Review suspicious user login activity across your domain regularly. This will help you catch any login-related threats in time. Here's what you want to check:

* User accounts audit log: Review things like account password changes and recovery email changes, with details like the IP associated with the action.
* User login attempts report: Audit failed login events regularly to spot account compromise attempts in time.
* Failed device password attempts report: Monitor the number of failed login attempts on your company devices during a specified time range.
* Review logins from unexpected areas: This is another area you want to audit, especially when you have users working remotely from different places around the world. You can use GAT+ to set up location-based alerts for logins from outside whitelisted areas.

5. SET UP TIME AND AREA LOGIN CONTROL

Another way to get more granular on users' login processes is by restricting login based on "Time and Area" windows. This means that users can only log in during certain hours you specify, and can only do so from particular locations.

This stricter type of login control can be particularly useful for protecting more "at-risk" users who have fixed working hours and work from unchanged locations.

Note: You'll need a 3rd party Google Workspace security tool to set this up for your users.

6. SECURE THIRD-PARTY ACCESS:

Too often users unknowingly give massive access permissions to apps (or extensions) that don't really need that much access to their Google Workspace account. This can result in unexpected security breaches. While user security awareness plays a crucial role here, as an admin you need to:

* Use Google's app access control to determine which apps can access sensitive domain data.
* Control access to less secure apps. You can allow users to turn access to less secure apps on or off, or disable their ability to allow less secure apps altogether.
* Allow or block apps and extensions in Google Chrome.

7. WISELY HANDLE COMPROMISED ACCOUNTS:

"Timely detection" is one of the most important factors in minimizing the damage a compromised account can cause.

SEE: The 4 Tell-tale Signs of a Compromised Google Workspace Account.

After you've successfully identified a compromised account, how do you deal with it? Here's our recommended drill:

* Deactivate the account right away.
* Review and fix any damages/breaches caused.
* Reset Password and reactivate the account.
* Revoke old tokens and cookies.
* Reset App passwords for all devices used to access this account.
* Reassign the account to the user.

8. ENFORCE LEAST-PRIVILEGE ACCESS:

The principle of least privilege (PoLP) is an InfoSec concept where a user is given the minimum levels of access (or permissions) needed to carry out his/her job functions. For example, a user account created for payroll doesn't need admin rights, while a programmer doesn't need access to HR records.

This best practice helps you better audit and protect your Google Workspace domain, and facilitates damage control actions in the event of a breach.

Learn more about enforcing least privilege with role recommendations in Google Cloud.

CLOSING THOUGHTS

Locking down your domain's Google Workspace password security and authentication processes is exactly like securing your company's virtual gates: you need to make sure the system is impeccable. This requires a combination of powerful Google Workspace security and auditing practices that work in line with users' security awareness to always stay one step ahead.

Food for thought: A Passwordless future?

Now that we've talked about the importance of passwords, what do you think of a passwordless future? According to TechRepublic, that passwordless future is already here. Let us know your thoughts on the subject at help@gatlabs.com.