{"id":9878,"date":"2022-12-07T10:36:18","date_gmt":"2022-12-07T03:36:18","guid":{"rendered":"https:\/\/gcloudvn.com\/?p=9878"},"modified":"2023-11-29T16:12:47","modified_gmt":"2023-11-29T09:12:47","slug":"stronger-amin-console-protection-with-risk-based-re-authentication-challenges","status":"publish","type":"post","link":"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/","title":{"rendered":"Stronger Admin console protection with risk-based re-authentication challenges"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Cap_nhat_thay_doi\" >What\u2019s changing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Ai_bi_anh_huong_den\" >Who\u2019s impacted\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Tai_sao_lai_quan_trong\" >Why it\u2019s important\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Chi_tiet_bo_sung\" >Additional details\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Bat_dau\" >Getting started\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Thoi_gian_trien_khai\" >Rollout pace<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/stronger-amin-console-protection-with-risk-based-re-authentication-challenges\/#Kha_dung\" >Available now<\/a><\/li><\/ul><\/nav><\/div>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Cap_nhat_thay_doi\"><\/span><b>What\u2019s changing<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">In August 2022, Google announced enhanced protections for sensitive actions taken in end user accounts <a href=\"https:\/\/gcloudvn.com\/en\/google-workspace\/\">Google Workspace customer<\/a> c\u1ee7a b\u1ea1n. C\u1ee5 th\u1ec3, b\u1ea3n c\u1eadp nh\u1eadt n\u00e0y \u0111\u00e3 b\u1ea3o v\u1ec7 ng\u01b0\u1eddi d\u00f9ng kh\u1ecfi nh\u1eefng k\u1ebb x\u1ea5u chi\u1ebfm \u0111o\u1ea1t t\u00e0i kho\u1ea3n th\u00f4ng qua vi\u1ec7c \u0111\u00e1nh c\u1eafp cookie. B\u1eaft \u0111\u1ea7u t\u1eeb h\u00f4m nay, ch\u00fang t\u00f4i s\u1ebd m\u1edf r\u1ed9ng bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 n\u00e0y cho B\u1ea3ng \u0111i\u1ec1u khi\u1ec3n d\u00e0nh cho qu\u1ea3n tr\u1ecb vi\u00ean.\u00a0<\/span><b><br \/>\n<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Currently, the Admin console prompts users to re-authenticate every hour. We are extending our current protections with additional signals to detect potential cookie theft. If a risky session is detected, we will issue extra challenges such as mobile notifications or the use of a security key. Once the user has successfully verified, they\u2019ll be directed back to the admin page they came from.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><b><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9881\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/1.png\" alt=\"Google Workspace t\u0103ng c\u01b0\u1eddng x\u00e1c th\u1ef1c b\u1ea3o m\u1eadt b\u1ea3ng \u0111i\u1ec1u khi\u1ec3n qu\u1ea3n tr\u1ecb vi\u00ean 2\" width=\"600\" height=\"727\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/1.png 528w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/1-248x300.png 248w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/1-10x12.png 10w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/b><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Ai_bi_anh_huong_den\"><\/span><b>Who\u2019s impacted\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Admins\u00a0<\/span><b><br \/>\n<\/b><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tai_sao_lai_quan_trong\"><\/span><b>Why it\u2019s important\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">This added layer of security helps to intercept bad actors who have gained access to the Admin console using a stolen cookie. Cookie theft is a session hijacking technique whereby accounts can be accessed by exploiting cookies stored in the browser.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The additional \u201cVerify it\u2019s you\u201d challenges help ensure only authorized users are accessing your organization\u2019s sensitive information and data, preventing bad actors from taking damaging actors. Further, these challenge attempts will be logged as <\/span><span style=\"font-weight: 400;\">Admin log events<\/span><span style=\"font-weight: 400;\"> allowing for further admin investigation.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Chi_tiet_bo_sung\"><\/span><b>Additional details\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">To avoid situations where a bad actor has a cookie that marks a device as trusted, admins can configure a device to be trusted based upon login.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9880\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/2-2.png\" alt=\"Google Workspace t\u0103ng c\u01b0\u1eddng x\u00e1c th\u1ef1c b\u1ea3o m\u1eadt b\u1ea3ng \u0111i\u1ec1u khi\u1ec3n qu\u1ea3n tr\u1ecb vi\u00ean 6\" width=\"600\" height=\"336\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/2-2.png 640w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/2-2-300x168.png 300w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2022\/12\/2-2-18x10.png 18w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/>If an admin gets legitimately stuck trying to access the Admin console, other admins can temporarily turn off login challenges, including additional log-in challenges. We strongly recommend only using this option if contact with the user is credibly established, such as via a video call.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Bat_dau\"><\/span><b>Getting started\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Admins: These protections will be available by default. Visit the Help Center to learn more about <\/span><span style=\"font-weight: 400;\">Admin log events<\/span><span style=\"font-weight: 400;\">, <\/span><span style=\"font-weight: 400;\">verifying a users identity <\/span><span style=\"font-weight: 400;\">and <\/span><span style=\"font-weight: 400;\">protecting your users with 2-step verification<\/span><span style=\"font-weight: 400;\">.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">End users: No action required.\u00a0<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Thoi_gian_trien_khai\"><\/span><b>Rollout pace<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Rapid Release and Scheduled Release domains<\/span><span style=\"font-weight: 400;\">Extended rollout (potentially longer than 15 days for feature visibility) starting on October 24, 2022. We anticipate rollout to be complete by November 14, 2022 .\u00a0<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Kha_dung\"><\/span><b>Available now<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Kh\u1ea3 d\u1ee5ng cho kh\u00e1ch h\u00e0ng Google Workspace, Legacy G Suite Basic v\u00e0 Business<\/span><\/li>\n<\/ul>\n<p style=\"text-align: right;\"><b>Source: <a href=\"https:\/\/gcloudvn.com\/en\/\">Gimasys<\/a><\/b><\/p>","protected":false},"excerpt":{"rendered":"<p>C\u1eadp nh\u1eadt thay \u0111\u1ed5i V\u00e0o th\u00e1ng 8\/2022, Google \u0111\u00e3 c\u00f4ng b\u1ed1 c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 t\u0103ng c\u01b0\u1eddng \u0111\u1ed1i v\u1edbi c\u00e1c h\u00e0nh \u0111\u1ed9ng nh\u1ea1y c\u1ea3m \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n trong t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng cu\u1ed1i d\u1ecbch v\u1ee5 Google Workspace c\u1ee7a b\u1ea1n.&hellip;<\/p>","protected":false},"author":2,"featured_media":9879,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,134],"tags":[],"class_list":["post-9878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kienthuc","category-google-workspace","entry","has-media"],"_links":{"self":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/9878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/comments?post=9878"}],"version-history":[{"count":0,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/9878\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media\/9879"}],"wp:attachment":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media?parent=9878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/categories?post=9878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/tags?post=9878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}