- Google is making changes in the security of your work space account
- Passkey support has been implemented to reduce phishing’s effectiveness
- DBSC and SSF will mite
Google Workspace is increasing its defenses against the acquisition of the account after a year after year in successful attacks.
The company says that 37% of the account acquisitions use phishing or theft of credentials as an attack vector, and there was an 84% increase in email infiners delivered in 2024 during the previous year, with the most common method being the theft of cookies token and authentication.
To mitigate this, Google is making three changes in the work space productivity set to reduce the risk of accounts acquisition and better protect attack organizations.
Account Safety
First, Google has implemented Passkey support to more than 11 million accounts of Google’s work space, making them more resistant to Phishing than ever and facilitating customers logging in.
Google has also expanded administrator access to Passkey tools, allowing them to audit Passkey registration and restrict reference passes to certain formats such as physical security keys.
Secondly, Google Workspace now offers device session credentials (DBSC) in Beta Open. DBSC are a hardware -backed security mechanism that uses a cryptographic key matched with the user’s device.
Every time session cookies are updated, Google Chrome verifies that it is definitely the user in account control when verifying the private password that is kept in safe storage on the user’s device. This significantly mitigates the potential that stolen cookies are used to kidnap sessions and acquisition accounts, which is quickly becoming one of the most successful methods for the acquisition of accounts.
Finally, Google will soon present a shared signal frame receiver (SSF) in Beta closed. This will allow platforms to communicate in real time on new security signals, as a greater risk of a particular account. In addition, SSF will also allow organizations to share key user information, such as devices between safety solutions.
In general, Google’s steps to increase the safety of the work space account will help create a perfect login experience for users while adding an additional security layer against phishing, as well as the theft of cookie token and authentication.
In addition, additional controls for administrators and the inclusion of SSF that will soon lead to SSF will facilitate security equipment to evaluate and improve the general security position of their organization.
