Secure your Google Admin account with these best practices.

Here are a few access control and security features we recommend to keep your Google Admin account secure:

Require admins and key users to provide additional proof of who they are.

We recommend that everyone in your business use 2-Step Verification (2SV), but it’s especially important for admins and users who work with sensitive data such as financial records and employee information. If someone steals a password, 2SV can prevent them from accessing your account.

With 2SV, users need to verify their identity through something they know (their password) plus something they have (such as a physical key or access code). You should enforce 2SV for admins and key users, where possible with a FIDO compliant security key.

Protect your business with 2-Step Verification | Deploy 2-Step Verification

Create an additional super admin account.

A business should have more than one super admin account, each managed by a different person. If your primary super admin account is lost or compromised, the backup super admin can perform critical tasks while the primary account is recovered. You can create another super admin by assigning the super admin role to another user.

Assign administrator roles to a user

Super admins shouldn’t remain signed in to their account.

Super admins should sign in as needed to do specific tasks and then sign out. Staying signed in to a super admin account when not performing specific administrative tasks can increase exposure to malicious activity.

Daily administrative tasks should be done using an account with limited admin roles.

Pre-built administrator roles | Security best practices for administrator accounts

To learn more about security best practices for your Google account, review our security checklists.

Article Source: Google 9/5/2023