First, the bad news: Your Google Apps login is the key to accessing every scrap of data in your Google Apps account—which makes it the most enticing target for hackers looking to compromise your Google Apps security. Worse, if you’re the administrator of your domain, compromising your Google Apps login gives hackers complete access to every account on your domain.
Now, the really bad news: Odds are, hackers already know two of the three pieces of data necessary to compromise your Google Apps login: your email address and the login URL for your Google Apps domain control panel. The email address is something you’ve spread to the known universe in order to be reachable online. Everything after the @ sign in your email address is all a hacker needs to complete the google.com/a/yourdomain.com URL to, at best, reach all of your Google Apps domain services and, at worst, pose as your domain administrator.
Finally, the good news: You can take measures to secure the one-third of your Google Apps login that hackers don’t already know—your password.
Ironically, the one portion of your Google Apps login you can reasonably secure is also the one area where most users are, to be blunt, completely incompetent. A full 20 percent of all users employ one of the ten most common passwords. And no, even domain administrators aren’t immune from these habits.
Andy Wolber outlines five steps to take to lock down your Google Apps domain, and the first three are all about defending your Google Apps login:
- Enable mandatory SSL on your Google Apps domain
- Increase the minimum Google Apps password length
- Enable two-factor authentication on your Google Apps domain
Follow these three simple steps—and don’t choose an obvious password while you’re at it—and you’ll make your Google Apps login that much harder to guess, and your Google Apps domain that much more secure.