New option to make security codes more secure
Wednesday, December 4, 2019
With this launch we’re adding an option to restrict the use of codes to the same device or network that they were generated on.
End users: No action needed.
With this launch, there will be three options for security codes:
- Don't allow users to generate security codes. Users can’t generate security codes. This was previously available, and was the default setting.
- Allow security codes without remote access. Users can generate security codes and use them on the same device or local network (NAT or LAN). This is a new option, and replaces the don’t allow security codes as the default setting for new G Suite customers.
- Allow security codes with remote access. Users can generate security codes and use them on the same device or local network (NAT or LAN), as well as other devices or networks, such as when accessing a remote server or a virtual machine. The earlier version of security codes was effectively the same as this.
No impact to existing users
This launch won’t change the user experience unless an admin changes a setting in the Admin console. Specifically,
- Users who are currently assigned “Don’t allow security codes” will now be assigned “Don't allow users to generate security codes” and will still not be able to use security codes.
- Users who are currently assigned “Allow use of security codes,” will now be assigned “Allow security codes with remote access” and will be able to use security codes in the same way as before.
Use our Help Center to learn more about security codes and 2-Step Verification.
Security codes and the Advanced Protection Program for the enterprise
You can control security code use separately for your users in the Advanced Protection Program for the enterprise. Security code settings for those users are determined by controls at Admin console > Security > Advanced Protection Program. Settings for security code use here will override regular settings for those users. Read more about the Advanced Protection Program for the enterprise.
G Suite Updates blog: Use security codes to log in where security keys won’t work directly
- Rapid Release domains: Gradual rollout (up to 15 days for feature visibility) starting on December 4, 2019.
- Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on December 4, 2019.
G Suite editions
- Available to all G Suite editions.
On/off by default?
- This feature will be OFF by default and can be customized on the domain, OU, or group level.
Stay up to date with G Suite launches