- Google makes changes to its work area account -Sece
- Passkey -SUpport has been rolled out to reduce phishing -efficiency
- DBSC and SSF will reduce cookie -token -theft and improve security tool communication
Google Workspace raises its defense against taking over account after one year to year in successful attacks.
The company says that 37% of the account takeover use phishing or identification theft as an attack vector and that there was an increase of 84% in email-delivered infosteals in 2024 in the previous year, where the most common method was cookie and approval token theft.
To mitigate this, Google makes three changes in the work area productivity suite to reduce the risk of taking over account and better protect organizations from attacks.
Seamless account security
First, Google has rolled Passkey -Support to over 11 million Google Workspace accounts, making them more phishing resistant than ever and makes it easier for customers to log in.
Google has also extended administrator access to Passkey tools that allow them to revise Passkey registration and limit packages to certain formats such as physical security keys.
Secondly, Google Workspace now offers device -bound session -credentials (DBSC) in Open Beta. DBSCs are a hardware -supported security mechanism that uses a cryptographic key paired to the user’s device.
Each time session cookies are updated, Google Chrome verifies that it is definitely the user in control of the account by verifying the private key stored in secure storage space on the user’s device. This reduces the potential for stolen cookies significantly to hijack to hijack sessions and acquisition accounts, which quickly becomes one of the most successful methods of account takeover.
Finally, Google will soon introduce a Shared Signal Framework recipient (SSF) recipient in closed beta. This allows platforms to communicate in almost real time on new security signals, such as increased risk of a particular account. In addition, SSF will also allow organizations to share key user information such as device types between security solutions.
Generally, Google’s steps to increase the work area account security will help create a trouble -free login experience for users, while also adding an extra layer of security against phishing, as well as cookie and approval token theft.
In addition, the extra controls for administrators and the soon -to -be SSF will make it easier for security teams to evaluate and improve the overall security position for their organization.
