How to Enhance Security in Your G Suite Account

Staying safe and secure online is important. Account hacking or phishing is very common nowadays. It is necessary to keep information like your Gmail, Photos, Documents, whatever you have in your Google account safe and sound.

As a G suite user, a secure password and recovery information will help to protect your Google account.

Configure Recovery Option in your G suite account:

If you forget your password, having updated recovery information can help you get your account back in use. You can add your alternate email address or phone number as a recovery option in your G suite account by following the steps below:

• Go to Google account

• From the left panel options, click on Personal info

• From the Contact info section click on Email or Phone

• Add a recovery email address or phone number accordingly

Configure 2 Factor Authentication in your G suite account:

You can add an extra layer of security in your email account by configuring 2 step verification or 2-factor authentication.

You can set up 2 step verification  in your G suite account by following the steps below:

• Go to Google account

• From the left panel options, click on Security

• From the Signing into Google section click on 2-Step Verification

• Click on the Get Started and follow the remaining steps appearing on the screen to complete the process.

When you set up 2-factor authentication you can choose any of the below 3 options as a second verification step.

• Phone prompt

• Text message or Call

• Security key

If your organisation does not allow you to configure 2 step verification, you must check with your G suite administrator for enabling the 2-factor options.

Install the Google Authenticator App in your mobile devices:

When 2 step verification is turned on for your account, you can use Google Authenticator app (for Android and iPhone devices) to get the codes even when there is no internet connection or available mobile service.

• Go to Google account ( from your mobile device’s Settings app)

• From the left panel options, tap Security

• From the Signing into Google section tap 2-Step Verification

• From the Setup alternative Second step go to Authenticator app and tap Set up

• Follow the remaining steps appearing on the screen to complete the process.

• Check by verifying a code from Authenticator app

With Google Authenticator app you can issue codes for multiple accounts from the same mobile device.

If you don’t want to enter a 2-Step Verification code or Security Key every time you sign in to your Google Account, you can mark your desired computer or mobile device as trusted. In trusted devices, you don’t need to enter a verification code each time you sign in to your Google account.

If the device is lost or unavailable to receive the codes, your G suite admin can turn off this feature for the individual account or help you with Backup Codes for you to access your email account.

As a G suite administrator, you can enforce password requirements to protect your user's Google Accounts.

Password management:

Through password management option in the G suite admin console, you can configure password policies for your organisation.

• Login to G suite Admin Console

• Go to Security

• Go to Password management

To help users to keep their account secure, admin can take precautions as follows:

Enforce strong password; if you check this option, a predefined set of algorithms and rules will determine whether a password is strong while user updates or changes the password. It will also review common or previously used passwords.

Length and strength requirements are applied the next time an affected user changes the password. To apply changes on immediate effect, admin can start enforcement from the next time a user signs in.

Password length; G suite admin can set password length for user’s passwords by entering minimum and maximum length between 8 and 100 characters.

Disable reuse of old passwords; G suite admin can uncheck the option Password reuse in Password management to prevent users from reusing their old passwords.

Password expiration; G suite admin can force their users to change their password after a certain period of time by setting password expiration.

Once admin sets password expiration, 30 days prior to the expiry, users get 4 reminders to reset their password when they sign in. After the reminders, users are forced to change their passwords the next time they sign in.

Admin can also choose to never expire the users’ passwords.

Password monitoring:

Admin can see which of the users’ passwords are weak by monitoring their password strength.

• Login to G suite Admin Console

• Go to Security

• Go to Password monitoring

G suite admin can review each user’s password length and strength. The green number and complete bars indicate strong passwords. Red and yellow numbers, incomplete bars indicate weak or medium passwords. Based on this, admin can contact these users and ask them to update their passwords properly.

Verify user’s identity with extra security as Login Challenge:

Login challenges are Google’s by default additional security measurements to verify a user's identity. Before verifying a user's identity with the recovery phone number or email account, the details need to be updated in the respective accounts in the user interface.

When it has been suspected that an unauthorized person is trying to access one of your user’s accounts (might be from an unknown device or unknown network), Google throws an extra security question or challenge either by sending a verification code to the user’s phone or by calling the number or by sending OTP to the recovery email address.

Admin can enable login challenge for users by Employee ID as Employee IDs are more difficult to guess by unauthorized persons.

Before admin uses employee ID as a login challenge, the employee ID information must be stored in your users' account attributes. By default employee ID login challenge is off.

• Login to G suite Admin Console

• Go to Security

• Go to Login challenges

Google decides which will be the appropriate option to challenge a user based on multiple security factors. Google might not always ask users to confirm their employee ID, even if the login challenge by employee ID is turned on in the admin console.