Considering that your Google Account may be the primary way for your employees and users to authenticate and store private information, the security of your Google Workspace account is paramount. There is a multitude of nuances to securing your Google Workspaces account, all of which need to be followed to ensure the security of your company.
This comprehensive guide will provide all the steps we recommend to secure your Google Workspaces account.
By default, Enforce Strong Password is disabled. We strongly recommend enabling this option. We also recommend a minimum password length of 15 characters, especially if you must create service accounts that will not have 2FA enabled. However, we recommend at least 32 characters for any service account password.
Enabling password expiration is unnecessary if 2FA is enforced for users (see below). If you decide not to use 2FA, then enable passwords to expire every 90 days.
To ensure that the new password changes will immediately be applied, enable Enforce password policy at next sign-in.
We highly recommend keeping this option disabled to prevent users from accessing less secure applications. While secure apps provide users with the ability to restrict the level of access, connection to their account without exposing their password, and the ability to disconnect their account at any time, insecure apps lack many of these options. This vulnerability can allow hackers to obtain sensitive information.
If Less Secure Apps must be enabled, please read more about the risks of allowing this option here.
2FA is essential in this day and age and is a significant factor in keeping away attackers. Without 2FA, only a password (stands between an attacker and your data.