I’ve been with BrianMadden.com in what’s turned into a fast-moving three months! Given how I started off here with relatively little EUC knowledge, I’ve had to absorb an astounding amount to keep up (that’s not meant to be a bad thing). I decided to cover one new feature of Google Chrome Enterprise announced at Google Next 2018 that I found interesting.
Google made 105 announcements at Google Next and I gravitated toward ones regarding their newest cloud security features. I’ve already covered their hardware two-factor authentication (2FA) push with the Titan Security Key and Jack covered Google Cloud Identity, so here I’ll quickly look at one of the three new features announced at Next that better allows IT to secure and manage cloud workers and that intrigued me.
Password Alert Policy overview
Google announced three features focused around improving management of cloud workers: cloud-based browser management, managed Google Play, and Password Alert Policy. While the first two are nice feature improvements, neither is especially revolutionary and work very much like other management products for IT admins that I’ve seen demoed. The Password Alert Policy, however, caught my eye and interested me the most—unlike the other two, I hadn’t seen anything like this before.
Like the other two features, this isn’t completely new, but rather an evolution of a popular Chrome browser extension already released, that alerts users to change their Google password if entered on a non-Google site. Like the extension, the Password Alert Policy only works if employees use Chrome, but it works with non-Google corporate accounts.
The admin has the ability to enable the policy (split into three policies depending how much IT wants Google involved), which will warn employees if it’s detected that they used a corporate password on either a non-whitelisted site or phishing website. The Chrome policy will then encourage users to change their password. The admin can designate a specific reset password page that a button on the warning page will direct users to.
The Password Alert Policy works on all major OSes, but Windows users will need Microsoft Active Directory to have it track corporate passwords effectively. It becomes generally available in September.
It’s not an especially complicated new feature and I like that, especially when paired with additional authentication measures like 2FA.
A cloud security report says that every month, 80% of organizations deal with third-party exploits due to stolen employee passwords. Additionally, 81% of hacking-related breaches are due to stolen or weak passwords. So, using the Password Alert Policy seems like a small measure to help solve an important problem.