Google Workspace admin accounts will now require two-step verification to access

News
By
published

Activate soon or get locked out, Google Workspace admins warned

Google 2FA security
(Image credit: Google)

Google has announced it will be enforcing two-step verification (2SV) for admin accounts across Google Workspace. 

For some users, the requirement is already being enforced, with others to follow. Super admins will be notified 30 days in advance via email and app notifications. Failing to setup 2SV within 30 days will result in users being locked out of their accounts and will need to follow the recovery procedure.

Google has also increased the number of dynamic groups from 100 to 500 for customers - these are groups whose membership is managed automatically, based on such criteria as their location or department within an organization. Google believes this increase will help reduce the amount of manual management.

Securing customers

In justifying the new authentication requirement, Google cites its own research which shows that auto-enabling 2SV for over 150 million of its users last year resulted in a 50% decrease in account compromises.

Google said the new requirement forms part of its commitment to protect the "security of our users" and will "help customers guard against data compromise and prevent account takeovers".

2SV adds a layer of protection to passwords, by making sure that the person inputting the password is a legitimate user, and not a threat actor who has managed to steal a user's credentials. 

Meanwhile, the dynamic group increase will be rolling out to Rapid Release and Scheduled Release domains gradually. It will be available for Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus, and Cloud Identity Premium customers.

These new features follow other recent security-based updates to Google Workspace, such as the ability for admins to make custom notifications to inform users why certain messages they try to send are blocked. They can also include links to resources such as company guidelines for sending sensitive data, to give users more context.

MORE FROM TECHRADAR PRO

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.