Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

New Identity Verification Feature Boosts Google Workspace Protections

Google this week announced a new Google Workspace capability meant to prevent unauthorized sensitive changes to user accounts.

Formerly called G Suite, Google Workspace provides enterprise users with secure collaboration and productivity tools.

Google this week announced a new Google Workspace capability meant to prevent unauthorized sensitive changes to user accounts.

Formerly called G Suite, Google Workspace provides enterprise users with secure collaboration and productivity tools.

With the new feature in place, Google will evaluate a user’s current session and present them with a ‘verify-it’s-you’ prompt if the session is deemed risky.

According to Google, the capability will prevent an attacker who has gained access to an account from making any changes that could impact the account owner and the organization the account belongs to.

“Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action,” Google notes.

Thus, if a threat actor has gained access to an account, their actions will be blocked until the account owner can verify that any attempted changes are intentional.

“This added layer of security helps to intercept bad actors who have gained access to a user’s account, further protecting their data and your organization’s sensitive information. Additionally, these challenge attempts will be logged as an audit event allowing for further admin investigation,” the company says.

For the time being, the feature only supports users who have Google as their identity provider and can only prevent unauthorized actions within Google products. It does not support SAML users at the moment.

The use of security challenges requires that users have added a recovery phone or email address to their accounts and that administrators have added employee IDs to their user accounts.

The ‘verify-it’s-you challenge’ can be turned off for ten minutes from the admin console (under Users > ‘UserName’ > Security), to help users who are stuck behind the verification prompt.

“We strongly recommend only using this option if contact with the user is credibly established, such as via a video call,” Google notes.

The new capability is now available to all Google Workspace customers, legacy G Suite Basic and Business customers included.

Related: Google Workspace Now Warns Admins of Sensitive Changes

Related: Google Fights Phishing With Updated Workspace Notifications

Related: Google Workspace Gets Client-Side Encryption

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...