By Katelyn McWilliams Posted September 6, 2018
Many questions have emerged around password security. There are broad questions, such as what security requirements to enforce (e.g. password complexity, MFA), and then there questions that are specialized to the unique needs of your users and environment. For instance, is it possible to do a system-based password reset for G Suite™? Or is that a little nonsensical considering that to change your G Suite password you need to do that inside of Google’s G Suite console? Further, why would anyone want to change their G Suite password from their machine and not the browser? If I’m changing a G Suite password in the browser, isn’t that doing it on my machine? These are all great questions when it comes to password management, and today we’re going to answer them and discuss the usefulness of a system-based password reset for your users’ G Suite accounts.
Phishing: Say Goodbye To Your Online Persona
Our email is perhaps the most critical account that we have. All of our other IT services, banking, and online activities go through our email. Because of this, most online services assume that you have control over your email. If you want to change something significant on any of your various accounts, such as password resets, changes to profiles, and many other functions, those tasks are most likely going to be verified via email.
Getting back to the questions at the beginning of this post, they are all aimed at helping end users protect their most critical online account: their G Suite account.
Password changes and resets are a common attack vector for hackers to leverage in order to compromise end user email accounts. This is done through what’s called phishing—hackers send you a carefully crafted email that purports to require a password change or login to your account. When you click on the link to change or confirm your password, you are brought to a site that looks identical to G Suite and, if you are not careful, your user identity has been entered into the site and subsequently compromised. The 2018 Data Breach Investigations Report from Verizon states that 4% of people will click on any given phishing campaign. Be it a password change or one of those “Congratulations! You’ve won an all expenses-paid vacation to the Bahamas,” scams that we’re all so familiar with, the likelihood of someone falling for one of these traps is much higher if they’ve previously been a victim.
Utilizing JumpCloud® For Your System-Based Password Resets
And, this is where the idea of a system-based password reset for G Suite comes in. By connecting your system password with your other online accounts such as G Suite, you are able to ensure that your password change on your own machine, within the OS, isn’t compromised by being entered into a malicious site. This is now possible through the JumpCloud® Directory-as-a-Service® platform. By changing the system password through our System App that sits on a laptop or desktop OS, end users can avoid the need to go to an external web property to change their password. This should be comforting for IT admins concerned about their end users getting phished. Our System App alleviates work off of your IT admin by automatically reminding your end users to reset their password for increased security.
Going one step further, through JumpCloud’s cloud directory service, a user identity can be connected to a wide range of IT resources including laptops/desktops, on-prem and cloud servers, web and legacy applications, physical and virtual file servers, as well as wired and WiFi networks. Through the JumpCloud desktop password change application, a user can change their password on their Mac® laptop, for example, and that change can propagate through to their Mac, AWS® cloud servers, G Suite, OpenVPN™, NAS file server, and their Meraki® WiFi network. The password change can be disseminated via a number of protocols including LDAP, RADIUS, SAML, and others.
IT admins get more control and security over online accounts, while end users get more efficiency. It’s a win-win scenario through a simple, yet powerful approach to system-based password resets for G Suite (and other IT resources).
If you’re interested in seeing how JumpCloud Directory-as-a-Service will improve your password management and security, drop us a note! Want to see it in action? We encourage you schedule a demo with our expert team and sign up for a free account. Your first ten users are free forever. Our YouTube channel is also an excellent resource for tutorials, information, and JumpCloud news.