Hacker News new | past | comments | ask | show | jobs | submit login

Hi profmonocle

We're limited on what we're able to share in public forums related to specific customer situations.

If you're not already doing the following we recommend the following steps to protect your G Suite account - have more than one super admin - ensure an up-to-date recovery email is in the account profile - ensure an up-to-date recovery phone is in the account profile - ensure account profile is properly updated - use two factor authentication for all users (ideally user security keys) - at a minimum, ensure that your G Suite administrator users are using two factor authentication

Lots more info on G Suite security best practices can be found here: https://support.google.com/a/answer/7587183




If the story in the OP is true, none of those steps would have mattered, because the entire organization was banned. Protecting admin accounts is very doable, preventing all your employees from ever doing anything bad with their accounts is impossible.

I realize you can't comment on specific incidents, but a simple statement from Google saying "no, we definitely won't ban entire organizations including connected personal accounts because of one user's actions" would go a long way to put people at ease here.


Looks like a pretty big "if" at this point. The user didn't respond to any DMs from Google and the story sounds very suspect.

They won't make a blanket statement like you want because there are bad actors out there that they have to respond to.

Anyways, there's 24x7 phone support and ways to get support even if you're completely locked out. What more do you want?


>Anyways, there's 24x7 phone support and ways to get support even if you're completely locked out. What more do you want?

Umm the 24x7 phone support number is not listed on the web page.

To get the phone number, you need to log in.

How do you log in, if you're locked out?

>What more do you want?

What do you think?


Well, from the post from G Suite support person [1], there's

https://support.google.com/a/contact/admin_no_access

[1] https://news.ycombinator.com/item?id=17120223


To be honest, your team should make addressing this story in public a priority because it has given you a lot of negative attention. There are hundreds of comments spread out between this HNews post, the sysadmin cross-post, and the tifu post. I'd be really curious to know if the entire story was made up altogether or if there was any missing info that was pertinent to what happened and why.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: