Google now allows G Suite administrators to disable unsafe 2FA authentication

Google recently added a new option to the G Suite Admin console that lets administrators disable phone-based options as a two-factor authentication (2FA) method for G Suite accounts in their domain, preventing users from using SMS and voice codes when authenticating.


According to G Suite Help Center support documentation, 2FA, also known as 2-Step Verification (2SV), "requires users to verify their identity through certain information they know (such as a password), plus other data they have (such as a physical key or access code sent to a device). Also, it is called Multi-factor authentication (MFA), or 2-factor authentication (2FA)".


Once activated on an account, 2FA (configured to work with voice or text message codes, the Google Authenticator application, or a hardware second factor such as a security key) helps protect that account from unauthorized access by adding a layer of protection designed to block malicious actors from logging in with stolen login information.


Both SMS and voice-call 2FA codes are considered unsafe

"Cybercriminals are increasingly inclined to target small businesses. If hackers get into your administrator account, they can access information about email, documents and pools, your financial profile and more. A hacker can steal or guess your account password, but they can't copy something that only you have," a Google representative said.

However, Google does not recommend some 2FA methods, namely the phone-related options: text messages and voice verification codes. These codes are sent to users over third-party networks (such as telecom networks), so attackers can still intercept or compromise them.


The unsafe 2FA options can now be disabled by the G Suite administrator for the entire domain from the Admin console:

'As the awareness of potential vulnerabilities related to SMS and voice codes has increased, some administrators have asked us to introduce more extensive control over the use of phone-based 2-step verification methods in their organizations. The current release of G Suite meets that requirement: administrators now have a policy that can enforce the use of multi-factor authentication without the use of SMS and voice verification codes.'

By enabling this new G Suite policy on their domain, administrators can strengthen the overall security of all user accounts and better protect all linked data.

To activate this new policy, follow these steps:

  1. For administrators: Apply the new policy by changing the setting at Admin console > Security > Advanced security settings > Allowed two-step verification methods.
  2. For end users: End users will not have to take any action unless the administrator changes the configuration.

As a result, once SMS and voice verification codes are disabled for the entire domain, users who currently rely on them will not be able to log in. Google provides administrators with a detailed process for avoiding such login failures in the "Set up 2-Step Verification" section of its support website.


In addition to communicating the change to all users, administrators can also give users "extra time to sign up by including these users in an exception group in which 2SV will not be enforced until they can add a new 2SV method". This is also detailed in Google's document "Avoid account lockouts when 2-Step Verification is enforced".
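The pre-enforcement check described above, as an added example that is not Google's tooling: it sorts users by what happens to them once SMS and voice codes are disallowed, so that phone-only users can be placed in the exception group first. The method labels and the inventory are constructed for illustration and are not field names from any Google export or API.

```python
# Added example: the labels below are hypothetical, not Google field names.
PHONE_METHODS = {"sms", "voice"}

# Constructed inventory: user -> set of enrolled second factors.
INVENTORY = {
    "alice@example.com": {"sms"},
    "bob@example.com": {"sms", "security_key"},
    "carol@example.com": {"totp"},
    "dave@example.com": {"voice", "sms"},
    "erin@example.com": set(),
}


def plan_rollout(inventory):
    """Group users by the effect of disallowing SMS and voice codes."""
    plan = {
        "exception_group": [],       # phone-only: locked out unless exempted
        "loses_phone_fallback": [],  # keeps a non-phone method, loses SMS/voice
        "unaffected": [],            # already uses only non-phone methods
        "not_enrolled": [],          # no second factor enrolled at all
    }
    for user, methods in sorted(inventory.items()):
        remaining = methods - PHONE_METHODS
        if not methods:
            plan["not_enrolled"].append(user)
        elif not remaining:
            plan["exception_group"].append(user)
        elif methods & PHONE_METHODS:
            plan["loses_phone_fallback"].append(user)
        else:
            plan["unaffected"].append(user)
    return plan


if __name__ == "__main__":
    for bucket, users in plan_rollout(INVENTORY).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```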

The new 2FA options in the Admin console will be available in all G Suite versions, but they will not be enabled by default, so administrators must "make clear choices in applying this policy on an OU/Group basis, like other existing 2SV enforcement policies".

According to related reports, many malicious actors have used IMAP-based password attacks on a large scale to successfully compromise Microsoft Office 365 and G Suite accounts protected by multi-factor authentication (MFA).

The IMAP-based password attack method takes advantage of the fact that IMAP is a legacy authentication protocol that bypasses MFA, enabling an attacker to perform 'stuffing' attacks against assets that are otherwise protected.


According to the Proofpoint Information Protection Research Team, in a "recently completed 6-month study of customers renting large cloud services, Proofpoint researchers have observed many major attacks that take advantage of legacy protocols and abolition of authentication information to increase the speed and efficiency of large-scale forced account compromises."

In addition, the Proofpoint team said that about 60% of all G Suite and Office 365 customers it tracked were targeted by IMAP-based attacks, and that about 25% of them were successfully compromised, causing significant consequences.
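One way to look for the IMAP-based pattern described above in login records, as an added detection example that is not Proofpoint's or Google's code: it flags a source whose failed IMAP logins touch many distinct accounts within a short window, then lists IMAP logins from that source that succeeded. The log format, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the format is hypothetical, not a vendor log schema.
SAMPLE_LOG = """\
2019-03-14T09:00:01 proto=imap src=203.0.113.7 user=alice@example.com result=FAIL
2019-03-14T09:00:04 proto=imap src=203.0.113.7 user=bob@example.com result=FAIL
2019-03-14T09:00:09 proto=imap src=203.0.113.7 user=carol@example.com result=FAIL
2019-03-14T09:00:15 proto=imap src=203.0.113.7 user=dave@example.com result=OK
2019-03-14T09:01:00 proto=web src=198.51.100.20 user=erin@example.com result=FAIL
2019-03-14T09:02:00 proto=imap src=198.51.100.20 user=erin@example.com result=FAIL
2019-03-14T09:02:30 proto=imap src=198.51.100.20 user=erin@example.com result=OK
"""

LINE = re.compile(r"^(\S+) proto=(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")


def detect_imap_spray(log_text, min_accounts=3, window=timedelta(minutes=5)):
    """Return {source: {"accounts": set, "succeeded": list}} for flagged sources."""
    failures = defaultdict(list)  # source -> [(time, user)] failures in window
    alerts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "imap":
            continue  # only legacy-protocol (IMAP) logins are of interest here
        ts = datetime.fromisoformat(m.group(1))
        src, user, result = m.group(3), m.group(4), m.group(5)
        if result == "FAIL":
            # Keep only failures still inside the sliding window, then add this one.
            recent = [(t, u) for t, u in failures[src] if ts - t <= window]
            recent.append((ts, user))
            failures[src] = recent
            accounts = {u for _, u in recent}
            if len(accounts) >= min_accounts:
                alert = alerts.setdefault(src, {"accounts": set(), "succeeded": []})
                alert["accounts"] |= accounts
        elif src in alerts:
            # A success from an already flagged source: review this account first.
            alerts[src]["succeeded"].append(user)
    return alerts


if __name__ == "__main__":
    for src, info in detect_imap_spray(SAMPLE_LOG).items():
        print(src, sorted(info["accounts"]), info["succeeded"])
```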

Update 24 May 2019