Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN) gcp@gimasys.com
Blog

Stronger Admin console protection with risk-based re-authentication challenges

What’s changing

In August 2022, Google announced enhanced protections for sensitive actions taken in end user accounts Google Workspace customer của bạn. Cụ thể, bản cập nhật này đã bảo vệ người dùng khỏi những kẻ xấu chiếm đoạt tài khoản thông qua việc đánh cắp cookie. Bắt đầu từ hôm nay, chúng tôi sẽ mở rộng biện pháp bảo vệ này cho Bảng điều khiển dành cho quản trị viên. 

Currently, the Admin console prompts users to re-authenticate every hour. We are extending our current protections with additional signals to detect potential cookie theft. If a risky session is detected, we will issue extra challenges such as mobile notifications or the use of a security key. Once the user has successfully verified, they’ll be directed back to the admin page they came from. 

Google Workspace tăng cường xác thực bảo mật bảng điều khiển quản trị viên 2

Who’s impacted 

Admins 

Why it’s important 

This added layer of security helps to intercept bad actors who have gained access to the Admin console using a stolen cookie. Cookie theft is a session hijacking technique whereby accounts can be accessed by exploiting cookies stored in the browser. 

The additional “Verify it’s you” challenges help ensure only authorized users are accessing your organization’s sensitive information and data, preventing bad actors from taking damaging actors. Further, these challenge attempts will be logged as Admin log events allowing for further admin investigation. 

Additional details 

To avoid situations where a bad actor has a cookie that marks a device as trusted, admins can configure a device to be trusted based upon login. 

Google Workspace tăng cường xác thực bảo mật bảng điều khiển quản trị viên 6If an admin gets legitimately stuck trying to access the Admin console, other admins can temporarily turn off login challenges, including additional log-in challenges. We strongly recommend only using this option if contact with the user is credibly established, such as via a video call. 

Getting started 

  • Admins: These protections will be available by default. Visit the Help Center to learn more about Admin log events, verifying a users identity and protecting your users with 2-step verification
  • End users: No action required. 

Rollout pace

  • Rapid Release and Scheduled Release domainsExtended rollout (potentially longer than 15 days for feature visibility) starting on October 24, 2022. We anticipate rollout to be complete by November 14, 2022 . 

Availability

  • Khả dụng cho khách hàng Google Workspace, Legacy G Suite Basic và Business

Source: Gimasys

Related Posts

Back To Top
phone number
0974 417 099