I’d like to remove the option in GSuite that allows users to have their “device trusted.”
The effect on users is that they will HAVE to enter 2FA information every time they login, instead of every 30-days or so. I understand that this is more of a hassle, but it increases the security of a good portion of our organizational risk and I think it is worth it.
This is particularly important as I cannot and will not ever mandate company wide hardware or surveillance software to ensure your system is secure. The burden of this task is on the individual core contributor and it isn’t a “once and done” situation as the security of your devices is dynamic.
I post this hear to broadcast my intentions with some justification, and give y’all some room to push back if you feel this is a bad idea.
Discuss. If nothing comes back, I’ll announce when I will make the shift and provide some information how to adjust.