How Admins & Users Can Strengthen G Suite Security

If you’re using G Suite or considering it, you may have questions about G Suite security.

After all, your company email and your business documents (if you are leveraging Google Drive for cloud backup of local files) are stored in Google’s data centers.

G Suite, as you’d expect, has multiple levels of built-in security.

G Suite Data Center Security

Google’s data center security is superior to that of most corporate networks. Google has hundreds of full-time security engineers. Some of them are leading experts in the security field.

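Data moving within Google’s data centers and to and from its data centers is encrypted, and the encryption uses perfect forward secrecy. With perfect forward secrecy, each session uses its own short-lived key, so an attacker who later compromises a long-term key cannot use it to decrypt previously recorded traffic.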

You can find G Suite security FAQs here.

As with many web applications that have hardened data center security, the easiest access point for an intruder may well be via user login access.

G Suite User Access Security

Google provides multiple levels of native protection to prevent a dictionary attack.

What can you, as a user of G Suite, do to make account access even more secure?

Use a long password

By default, a G Suite password can be up to 100 characters long. Spaces within passwords are permitted, which means that password phrases can be used. A G Suite admin can increase the minimum required password length and the maximum possible password length.

A randomly generated password phrase or “passphrase” is more secure and is easier to remember than a password such as T%e3$&1#.

You can use a site such as Use a Passphrase to generate passphrases. An example passphrase we generated is “swedish wide finish spectra”. The approximate crack time reported by Use a Passphrase is 57,384 centuries.
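The strength of a randomly generated passphrase comes from the size of the wordlist and the number of words drawn. The sketch below is an added example, not code from Google or from Use a Passphrase: it draws words with a cryptographic random source and compares entropy figures. The sample wordlist is constructed, and the 7776-word list size and the minimum length of 8 are assumptions.

```python
import math
import secrets
import string

# Constructed sample list, for illustration only. Real generators draw from a
# published list with thousands of words; 7776 (the Diceware size) is assumed.
SAMPLE_WORDS = ["swedish", "wide", "finish", "spectra", "amber", "orbit",
                "candle", "river", "stone", "maple", "quiet", "harbor"]
DICEWARE_SIZE = 7776  # assumption: size of the list a real generator uses
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)  # 94


def generate_passphrase(words, count=4, sep=" "):
    """Pick `count` words uniformly at random with a CSPRNG."""
    unique = sorted(set(words))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("wordlist needs at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count):
    """Entropy of `count` independent uniform picks from the list."""
    return count * math.log2(wordlist_size)


def password_entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random character password."""
    return length * math.log2(alphabet_size)


def words_needed(wordlist_size, target_bits):
    """Smallest word count that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def fits_policy(passphrase, min_len, max_len=100):
    """Length check; 100 is the default maximum stated above."""
    return min_len <= len(passphrase) <= max_len


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    # min_len=8 is an assumed policy value, not one stated on this page.
    print(phrase, "| fits policy:", fits_policy(phrase, min_len=8))
    print("4 words from 7776:  %.1f bits" % passphrase_entropy_bits(DICEWARE_SIZE, 4))
    print("8 random printable: %.1f bits" % password_entropy_bits(PRINTABLE, 8))
    print("words for 80 bits: ", words_needed(DICEWARE_SIZE, 80))
```

These figures hold only when every word is picked at random; a phrase a person makes up has far less entropy than the formula suggests.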

Keep a secure record of all your passwords

Record your G Suite password (and all your other passwords) only in an encrypted password database such as LastPass or 1Password.

In other words, avoid storing your passwords in a spreadsheet, a document or on paper.

Enable Google 2-Step Verification

Google 2-Step Verification can be enabled by a G Suite administrator. An admin can either make it optional for users or enforce it for all users.

Once 2-Step Verification has been enabled by a G Suite administrator, as a user, you can enable one or more options for your account by going into My Account > Signing Into Google > 2-Step Verification.

When you log in from an unfamiliar device or location, there are several different verification options. These are not mutually exclusive.

1. You can enter a Google Verification Code that’s texted to you.

2. If you install the Google app on your Android phone or iPhone, you can verify by simply answering “Yes” on your mobile device. This option is known as Google prompt.

3. You can generate and print out a list of one-time use backup codes. You can keep these in your wallet or store a digital copy in a cloud location that’s separate from G Suite and Google Drive.

Use a Physical Security Key

At the 2018 Google Next conference, Google announced the Titan Security Key.

This is a physical key that you can keep on your key chain. It plugs into a computer’s USB port. This is the best defense against phishing attacks.

Using a security key does not supersede the ability to use a verification code. It’s just that using a security key in place of a verification code provides an additional layer of security.

With some basic actions, admins and users can strengthen G Suite security.
