The Risks to Updating Passwords on G Suite

Written by Brandon White on September 21, 2020

We know that for many organizations, G Suite™ accounts are core to employee productivity. Google’s G Suite is a bundle of cloud-based software applications companies can offer their employees to get their work done efficiently. It is where end users can compose, send, and communicate through email, create documents and presentations, schedule and host meetings, and even collaborate with colleagues and others.

We also know that a compromised G Suite account can spell disaster. With more than 6 million organizations using G Suite paid applications, it is crucial for businesses to protect their employees’ core identities.

In this article, we’ll discuss five risks associated with updating employee passwords on G Suite, and present an alternate approach to safely update your G Suite password.

1. The Risk with Email as a User Authentication Method

Before we get into the risk of updating your password on Gmail, let’s expand on the importance of your work email account. Email is still widely used as the number one way for your workforce to communicate both internally and with those you do business with. Beyond being a communication tool, email accounts have now become a method of user authentication. User authentication is the verification of an active human-to-machine transfer of credentials that is required for confirmation of a user’s authenticity.

Now, organizations are increasingly dependent on web applications. A quick way for employees to access these applications is by using their email account to authenticate. When creating access to another service or application (such as Slack, Salesforce, GitHub, Zoom, and thousands of others), employees can validate their personal identity by getting a verification email sent to their Gmail accounts.

When you forget your password, Google sends an email to the account you provided, your G Suite account (or a secondary email account), with a link to update your password to the service. This means that over time your G Suite account can be linked to tens, if not hundreds, of other services.

That’s where we see the most risk with updating Gmail passwords. The more services joined to your email account, the more vulnerable your account is to a security breach.

2. The Risk of Updating Passwords on Websites

Next, we’ll discuss the risk of updating passwords on websites. As we know, hackers compromise identities through websites. The exposure exists because G Suite end users need to visit an external website to update their login credentials. How do hackers go about this? The easiest path to obtaining credentials is to trick end users into providing them.

Hackers send end users a very legitimate-looking email (a phishing email) that prompts users to change their password. End users click a link from their email and are then redirected to a deceptive site run by the hackers to capture login credentials. The end user believes they are visiting the G Suite site as they intended.

This is a massive problem for IT admins and managed service providers (MSPs). Most MSPs know that this is a vulnerability for their clients, but it is a very challenging problem to solve. Therefore, MSPs are constantly fighting against phishing attacks with a wide range of solutions.

3. The Risk of a Closed Ecosystem

The third risk we have seen is that G Suite identities live in a closed ecosystem. Unlike Active Directory® (AD) or LDAP, where IT admins and MSPs have control over identities and can federate passwords wherever they like, G Suite limits these capabilities for admins.

The challenge with G Suite’s closed ecosystem is that Google identity management capabilities are almost entirely exclusive to Google services. In other words, IT admins are generally out of luck if they wish to manage IT resources that live outside of the Google ecosystem (e.g. systems, servers, networks, etc.).

Of course, we understand this is done for security reasons. However, G Suite’s closed ecosystem does constrain IT’s ability to provide their users with one identity that can access virtually all IT resources. 

G Suite’s closed ecosystem puts at risk IT admins’ ability to optimize maintenance, impacts their ability to effectively secure employee identities, and disrupts the process of assisting users when a malfunction occurs. From an IT perspective, having just one system in the dark leaves an organization vulnerable because that system’s security is now in the hands of the end user.

4. The Risk of Multiple Identities

Ultimately, the issue isn’t necessarily just updating a password on G Suite (although we highly advise against it) but having identities strewn across your landscape. G Suite struggles to be the core identity across IT resources such as AWS, Mac, Windows, and Linux machines, WiFi and VPN networks, file servers, and much more. With every one of these IT resources having a unique identity, it becomes challenging for IT to control, manage, and secure that environment. A password update on G Suite does not propagate to all of an end user’s IT resources.

5. The Risk of Phishing

The last risk we’ll cover is the threat of phishing. As mentioned above, a phishing attack occurs when hackers send an unsuspecting end user a very legitimate-looking email in Gmail. This email contains a link that redirects the user to a fake website run by the hacker. The site typically asks for login credentials, eventually giving the hacker access to your G Suite accounts.
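The link check that the phishing flow in sections 2 and 5 depends on the user getting right can be automated on the defender's side. The following is an added example, not code from the original article or from JumpCloud: it extracts every link from an email's HTML body and trusts only https URLs whose exact host is on an allowlist. The allowlist contents, the function names, and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the exact hosts this example accepts as genuine Google sign-in pages.
TRUSTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}

# Constructed sample of a password-change email body (not a captured message).
SAMPLE_EMAIL = """<p>Your password expires today.</p>
<a href="https://accounts.google.com/signin">Google sign-in</a>
<a href="https://accounts.google.com.login-example.test/reset">accounts.google.com</a>
<a href="https://accounts.google.com@phish.example/reset">Change password</a>
<a href="http://accounts.google.com/">Change password</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_verdict(href):
    """Return 'trusted' only for an https URL whose exact host is allowlisted."""
    try:
        parts = urlsplit(href.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious: unparseable URL"
    if parts.scheme != "https":
        return "suspicious: not https"
    if parts.username is not None:
        return "suspicious: userinfo before host"
    if host.startswith("xn--") or ".xn--" in host:
        return "suspicious: punycode host"
    if host not in TRUSTED_HOSTS:
        return f"suspicious: {host} is not an allowlisted sign-in host"
    return "trusted"

def audit_email_html(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, link_verdict(href)) for href, text in collector.links]
```

`audit_email_html(SAMPLE_EMAIL)` returns one (visible text, href, verdict) row per link; only the first link in the sample is trusted, and the second shows why the visible text of a link cannot be used as evidence of its destination.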

Why put end users in a position where they need to update their password on the G Suite console? It may seem easier for the end user, but this action impedes IT’s ability to securely manage IT properties.

An alternative is to let your end users update their core password on their machine through a native OS application. This update, done locally on the machine, is automatically propagated to wherever it is needed: on the machine, to G Suite, AWS, and much more. An approach like this can change the game completely for IT admins trying to protect their end users and prevent identity compromises.

A Better Alternative

At JumpCloud we offer a better alternative. By leveraging a cloud directory platform, IT admins can eliminate the risks involved in password updates on G Suite. With JumpCloud, IT organizations can federate a core identity to virtually everything that users need to access.

If your organization is thinking about moving to the cloud, integrating G Suite and JumpCloud is essentially a method that can remove the need for almost any on-prem infrastructure. IT admins can manage cloud-based solutions with less maintenance, plus everything is in a scalable model allowing companies to grow easily and only pay for what they need. Core services like email, productivity applications, and directory services are dramatically changed for the better.

How does it work? It takes just one click with the G Suite import tool. Feel free to drop us a line, or schedule a guided demo of our platform. If you’re ready to get your hands dirty, you’ll be happy to know that we offer a free account that will allow you to manage 10 users and 10 systems for free, with 10 days of premium 24×7 in-app chat support. Sign up today.

Brandon White

Brandon is an enthusiast, solutionist, and JumpCloud’s Technical Evangelist, active in journalism and IT in cities across the US for over 25 years.