In a recent security update by Google, reminiscent of George Costanza’s famous “Turn your key, Maura!” moment, the tech giant is taking a significant step to bolster security measures. Later this year, security teams will have the option to mandate two administrators’ approval for sensitive actions, such as altering 2SV (Two-Step Verification) settings for a user. This announcement comes as part of a series of security-related product updates.
24/7 Accessibility: Never Miss a Beat
Additionally, Google is extending mandatory two-step verification to select Google Workspace enterprise accounts. These updates are strategically designed to combat phishing attempts, social engineering attacks, and the potential for data breaches. Google’s Yulie Kwon Kim and Andy Wen explained in a blog post that these enhancements aim to empower security teams in their defense against account takeovers.
Global Reach: Beyond Boundaries
As previously reported, Cloudflare identified email as the primary attack vector for cybersecurity incidents, with email phishing being a substantial threat, especially when attackers impersonate someone trusted by an employee.
Engagement on Demand: Connect Anytime
Google highlights that two-step verification has already proven effective in reducing the number of compromised accounts through methods like social engineering attacks. However, certain schemes can still succeed by redirecting messages and calls from a user’s phone, deceiving the two-factor authentication system into believing that a login or change request is legitimate.
Under Google’s upcoming controls, organizations will have the option to require multiple approvals for specific settings changes. As explained by Wen, the director of product management for Google Workspace, this initial release focuses on 2SV settings changes and will expand based on feedback from administrators.