Security Process Update: Don't allow devices to be remembered in GSuite

I’d like to remove the option in GSuite that allows users to have their “device trusted.”

The effect on users is that they will HAVE to enter 2FA information every time they login, instead of every 30-days or so. I understand that this is more of a hassle, but it increases the security of a good portion of our organizational risk and I think it is worth it.

This is particularly important as I cannot and will not ever mandate company wide hardware or surveillance software to ensure your system is secure. The burden of this task is on the individual core contributor and it isn’t a “once and done” situation as the security of your devices is dynamic.

I post this hear to broadcast my intentions with some justification, and give y’all some room to push back if you feel this is a bad idea.

Discuss. If nothing comes back, I’ll announce when I will make the shift and provide some information how to adjust.


this article has some additional points on this concept: Device Trust in a Zero Trust World | Twingate

Please make it optional. Making the UX worse or more cumbersome for the advantage of increased privacy will not attract the mainstream.

this is only a factor for access to internal services, not for the end user using Status.

1 Like