Cyber threats like phishing and session hijacking continue to grow, making it more important than ever for organizations to strengthen account security. Google Workspace has introduced several new tools designed to make accounts harder to compromise and easier to secure.
Passkeys Are Now Available
Passkeys replace traditional passwords with cryptographic keys stored on your device. And they’re simple to use—just unlock your device with your PIN, fingerprint, or face ID to sign in.
Passkeys are more resistant to phishing since attackers can’t trick you into revealing them. They also speed up logins saving users up to 40% in time compared to passwords.
More than 11 million Google Workspace users are already using passkeys, including many schools and businesses. Organizations like Wake Forest University report that moving to passkeys has improved their security and user experience.
Device-Bound Session Credentials
Now in open beta for Chrome on Windows, DBSC (Device Bound Session Credentials ) helps secure your session after you log in. It ties your session cookies, which are small files that keep you logged in, to the device you used to authenticate. This means if someone steals this session cookie, they can’t use it on another device.
Benefits include:
- Ensuring only your original device can access your account during an active session
- Making it harder for attackers to hijack sessions with stolen cookies
- Providing extra protection when used with context-aware access, which adjusts security based on the situation
Some customers are already using DBSC to better protect their users, with plans to expand its capabilities.
The Shared Signals Framework (SSF)
Coming later this year, SSF is a new system that allows security platforms and partners to share real-time alerts about threats. If suspicious activity is detected, signals can be quickly communicated across systems, helping prevent account takeovers before they happen. This framework supports better collaboration and faster response times.
These updates are designed to address the increasing frequency of credential theft and session hijacking. Using passkeys and DBSC makes it much more difficult for attackers to gain unauthorized access, even if they have stolen login information or session cookies.
Organizations should consider enabling passkeys and DBSC as soon as possible to protect their users.
Learn more about these security features on their official support articles
You can also visit their official blog post here to learn more about these new integrations and offerings.
Leave a Reply