Google Workspace strong password enforcement disabled
Description
AlphaSOC detected that strong password enforcement was disabled in Google Workspace settings. Strong password enforcement requires users to create passwords that meet complexity requirements, helping protect accounts against brute force and credential guessing attacks.
Impact
Disabling strong password enforcement allows users to create weak passwords that are easier for attackers to guess or crack. Weak passwords increase the risk of account compromise through brute force attacks, credential stuffing, and password spraying. This configuration change weakens the overall security posture of the organization's Google Workspace environment.
Severity
| Severity | Condition |
|---|---|
Informational | Strong password enforcement disabled |
Investigation and Remediation
Review Google Workspace Admin audit logs to identify who disabled strong password enforcement and verify whether the change was authorized. Assess the impact on organizational security policies.
If unauthorized, immediately re-enable strong password enforcement. Consider forcing password resets for users who may have changed their passwords to weaker alternatives during the exposure period. Review other security settings to ensure they remain properly configured.