How to Enforce 2FA in Google Workspace

Employees are our first line of defense when it comes to cybersecurity – but how can we be sure we are doing everything we can to help them keep our company safe?

Enter two-factor authentication (2FA) enforcement.

As a small business you may or may not have policies around requiring your employees to have good, strong passwords or using 2FA on their accounts. By enforcing 2FA in Google Workspace, your company’s google accounts will be safer.

(Want more information on 2FA? See this blog post here.) 

Things to Consider With Enforcement  

Remind Employees of Your Company Policy & Why It’s Important
Ask employees to review your company’s security policies. Don’t have a policy regarding two-factor authentication? That’s okay! Remind your employees that using 2FA will help keep the company safe and will help protect the company’s data, your clients data, and even personal data.

Make Sure They Have the Right Tools
Set them up for success by letting them know what authentication app you want them to use (we recommend using 1Password or Duo Mobile) and providing instructions on how to set up 2FA for their accounts.

Give Your Employees a Heads Up
Make sure that you give your employees enough time to get comfortable with using 2FA on their email accounts. Once you enforce 2FA, be sure to give your employees 2 weeks to get everything set up. 

How to Enable 2FA in Your Google Workspace

Enabling 2FA in Google Workspace account is a relatively simple process:

Step 1: Head to and log into your admin console.

Step 2: On the left hand side bar, click “Security”. You may need to click “Show More” to view this option. Then click “Overview”.

Step 3: Scroll down to 2-Step Verification and click to open it. 

Step 4: Now we will enforce 2FA for our users by choosing the following options:

  1. Click Allow users to turn on 2-Step Verification. 
  2. Click Enforcement: On From and choose a date. This will start the enforcement on the date you choose and will not allow users to log in unless they have 2FA set up beforehand (we recommend giving them 2 weeks). Note that if you select turn on now, all your existing users who haven’t enabled the 2FA will be locked out.
  3. New User Enrollment Period: We recommend 1 week. When you onboard a new employee or user, they will have 1 week to set up 2FA on their account. 
  4. Frequency: Allowing users to trust the device defeats the purpose. Do not allow this.
  5. Methods: We recommend Any except verification codes via text/phone call, as this is the least secure method.
  6. Save!

More Like This

DMARC: Secure Your Domain with Email Authentication

In a world where email communication is essential but also vulnerable to cyber threats like phishing and fraud, DMARC emerges as a crucial tool for safeguarding email domains. DMARC, or Domain-based Message Authentication, Reporting, and Conformance, acts as a virtual guardian, verifying the authenticity of emails claiming to originate from a domain. By implementing DMARC, domain owners can prevent unauthorized use of their domains and protect recipients from malicious emails.

Read More »

Subscribe to our newsletter for the latest Geek Girl Tech news & updates!

Finally, DIY security for all.

Learn how to keep your business safe by joining the waitlist for our DIY Security offer – coming soon.