Right, we've found that actually simple passwords with mandatory 2FA turned on work really well. The 2FA Google uses is a gentle touch in most cases (it can persist on a device for 30 days).
Google has nice 2FA controls. In a Workspace setup you can actually tweak them to match your needs because the lockout/reset path (was) pretty reasonable (when it was on site). I.e., we could disable certain methods, and for some higher-security groups you can provide hardware keys and then turn that group up a bit.
Never had to rotate passwords, and users are glad for that, I think.
I do wish Google offered "Cloud Chrome" for admin staff to open email, click on links, etc. Basically a remote VM with Chrome but no direct file access.
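The comment above describes tightening 2FA per group (disabling weaker methods, hardware keys for higher-security groups). Whether that policy actually holds is a question of coverage: which active users are not enrolled, and which users in the sensitive OUs are not under enforcement. The script below is an added example, not code from the commenter or from Google. It assumes the input has the shape of user records returned by the Admin SDK Directory API `users.list` call (the `primaryEmail`, `orgUnitPath`, `suspended`, `isEnrolledIn2Sv` and `isEnforcedIn2Sv` fields); the sample records and the `HIGH_SECURITY_OUS` paths are constructed for the example.

```python
"""Audit 2-Step Verification coverage over Google Workspace user records.

Added example (not the commenter's code). Input records mimic the fields of
the Admin SDK Directory API users.list response; SAMPLE_USERS below is
constructed sample data, not a real directory listing.
"""
from dataclasses import dataclass, field

# Assumed OU paths for the "higher security" groups mentioned in the thread;
# adjust to your own tenant layout.
HIGH_SECURITY_OUS = ("/Admins", "/Finance")

# Constructed sample records in the users.list shape.
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "orgUnitPath": "/Admins",
     "suspended": False, "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": True},
    {"primaryEmail": "bob@example.com", "orgUnitPath": "/Admins",
     "suspended": False, "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False},
    {"primaryEmail": "carol@example.com", "orgUnitPath": "/Staff",
     "suspended": False, "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": True},
    {"primaryEmail": "dave@example.com", "orgUnitPath": "/Staff",
     "suspended": True, "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False},
    {"primaryEmail": "erin@example.com", "orgUnitPath": "/Finance/AP",
     "suspended": False, "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": False},
]


@dataclass
class TwoSvReport:
    # Active users with no 2SV enrolled at all.
    not_enrolled: list[str] = field(default_factory=list)
    # Users under enforcement who have not enrolled: these are the accounts
    # that will be locked out once the enforcement grace period ends.
    enforced_but_not_enrolled: list[str] = field(default_factory=list)
    # Users in a high-security OU whose 2SV is not enforced by policy.
    high_sec_unenforced: list[str] = field(default_factory=list)


def _in_ou(path: str, roots: tuple[str, ...]) -> bool:
    """True if path is one of roots or a sub-OU of one of them."""
    return any(path == r or path.startswith(r + "/") for r in roots)


def audit_2sv(users, high_security_ous=HIGH_SECURITY_OUS) -> TwoSvReport:
    """Walk user records and bucket the ones that break the 2SV policy."""
    report = TwoSvReport()
    for u in users:
        if u.get("suspended"):
            continue  # suspended accounts cannot log in; skip them
        email = u["primaryEmail"]
        enrolled = bool(u.get("isEnrolledIn2Sv", False))
        enforced = bool(u.get("isEnforcedIn2Sv", False))
        ou = u.get("orgUnitPath", "/")
        if not enrolled:
            report.not_enrolled.append(email)
            if enforced:
                report.enforced_but_not_enrolled.append(email)
        if _in_ou(ou, high_security_ous) and not enforced:
            report.high_sec_unenforced.append(email)
    return report


if __name__ == "__main__":
    r = audit_2sv(SAMPLE_USERS)
    print("not enrolled:", r.not_enrolled)
    print("enforced but not enrolled (lockout risk):", r.enforced_but_not_enrolled)
    print("high-security OU without enforcement:", r.high_sec_unenforced)
```

The three buckets map to three different follow-ups: unenrolled users need a nudge before enforcement, enforced-but-unenrolled users are the ones the "lockout/reset path" in the comment will have to absorb, and unenforced users in a sensitive OU mean the group-level policy has not been applied where the commenter expects it.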