|
|
|
|
|
|
by dotty-
1004 days ago
|
|
|
> Google Workspace makes it very easy to set up "Advanced Protection" on accounts, in which case it requires using a hardware key as a second factor, instead of a phishable security code. This isn't immediately actionable for every company. I agree Retool should have hardware keys given their business, but at my company with 170 users we just haven't gotten around to figuring out the distribution and adoption of hardware keys internationally. We're also a Google Workspace customer. I think it's stupid for a company like Google, the company designing these widely used security apps for millions of users, to allow for cloud syncing without allowing administrators the ability to simply turn off the feature on a managed account. Google Workspace actually lacks a lot of granular security features, something I wish they did better. What is a company like mine meant to do here to counter this problem? edit: changed "viable" for "immediately actionable". It's easy for Google to change their apps. Not for every company to change their practices. |
|
|
What is hard about mailing everyone a hardware key? I honestly don't see the problem. It's not like you need to track it or anything, people can even use their own hardware keys.
1. Mail everyone a hardware key, or tell them if they already have one of their own they can just use that.
2. Tell them to enroll at https://landing.google.com/advancedprotection/
> Google Workspace actually lacks a lot of granular security features, something I wish they did better.
Totally agree with that one. Last time I checked you couldn't enforce that all employees use Advanced Protection in a Google Workspace account. However, you can still get this info (enabled or disabled) as a column in the Workspace Admin console so you can report on people who don't have it enabled. I'm guessing there is also probably a way to alert if it is disabled.