With Google Workspace, retail businesses will enhance customer experience, improve…
In August 2022, Google announced enhanced protections for sensitive actions taken in end user accounts Google Workspace customer của bạn. Cụ thể, bản cập nhật này đã bảo vệ người dùng khỏi những kẻ xấu chiếm đoạt tài khoản thông qua việc đánh cắp cookie. Bắt đầu từ hôm nay, chúng tôi sẽ mở rộng biện pháp bảo vệ này cho Bảng điều khiển dành cho quản trị viên.
Currently, the Admin console prompts users to re-authenticate every hour. We are extending our current protections with additional signals to detect potential cookie theft. If a risky session is detected, we will issue extra challenges such as mobile notifications or the use of a security key. Once the user has successfully verified, they’ll be directed back to the admin page they came from.
Why it’s important
This added layer of security helps to intercept bad actors who have gained access to the Admin console using a stolen cookie. Cookie theft is a session hijacking technique whereby accounts can be accessed by exploiting cookies stored in the browser.
The additional “Verify it’s you” challenges help ensure only authorized users are accessing your organization’s sensitive information and data, preventing bad actors from taking damaging actors. Further, these challenge attempts will be logged as Admin log events allowing for further admin investigation.
To avoid situations where a bad actor has a cookie that marks a device as trusted, admins can configure a device to be trusted based upon login.
If an admin gets legitimately stuck trying to access the Admin console, other admins can temporarily turn off login challenges, including additional log-in challenges. We strongly recommend only using this option if contact with the user is credibly established, such as via a video call.
- Admins: These protections will be available by default. Visit the Help Center to learn more about Admin log events, verifying a users identity and protecting your users with 2-step verification.
- End users: No action required.
- Rapid Release and Scheduled Release domainsExtended rollout (potentially longer than 15 days for feature visibility) starting on October 24, 2022. We anticipate rollout to be complete by November 14, 2022 .
- Khả dụng cho khách hàng Google Workspace, Legacy G Suite Basic và Business