Google Workspace admin accounts will now require two-step verification to access

Google 2FA security
(Image credit: Google)

Google has announced it will be enforcing two-step verification (2SV) for admin accounts across Google Workspace. 

For some users, the requirement is already being enforced, with others to follow. Super admins will be notified 30 days in advance via email and app notifications. Failing to setup 2SV within 30 days will result in users being locked out of their accounts and will need to follow the recovery procedure.

Google has also increased the number of dynamic groups from 100 to 500 for customers - these are groups whose membership is managed automatically, based on such criteria as their location or department within an organization. Google believes this increase will help reduce the amount of manual management.

Securing customers

In justifying the new authentication requirement, Google cites its own research which shows that auto-enabling 2SV for over 150 million of its users last year resulted in a 50% decrease in account compromises.

Google said the new requirement forms part of its commitment to protect the "security of our users" and will "help customers guard against data compromise and prevent account takeovers".

2SV adds a layer of protection to passwords, by making sure that the person inputting the password is a legitimate user, and not a threat actor who has managed to steal a user's credentials. 

Meanwhile, the dynamic group increase will be rolling out to Rapid Release and Scheduled Release domains gradually. It will be available for Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus, and Cloud Identity Premium customers.

These new features follow other recent security-based updates to Google Workspace, such as the ability for admins to make custom notifications to inform users why certain messages they try to send are blocked. They can also include links to resources such as company guidelines for sending sensitive data, to give users more context.


Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 

His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.