Search
Clear search
Close search
Google apps
Main menu

Google Apps is now G Suite. Same service, new name. More about the name change.

Set password strength and allow non-admin password reset

As a G Suite administrator, you can help protect your users' accounts by:

  • Setting length requirements to prevent users from creating passwords that are too short
  • Managing and monitoring the strength of their passwords. Help your users choose strong passwords by sharing our password selection tips.
  • Allowing each user to reset their password without administrator assistance.
Set password length requirements
  1. Sign in to the Google Admin console.
  2. From the dashboard, click Security > Basic settings.
  3. In the Password strength section, enter a minimum and maximum length for your users' passwords.

    The Admin console requires passwords to be at least 8 characters. The password length must be between 8 and 100 characters.

  4. Click Save changes.
Monitor each user's password strength

View the length of each user's password with a graph showing its relative strength based on other criteria. The graph's indicators can assess password strength upon user sign-in. The indicators change over time relative to your password length requirements and common passwords known to be vulnerable.

  1. Sign in to the Google Admin console.
  2. From the dashboard, click Security > Password monitoring.
Enable non-admin user password recovery

You can set up the system to allow your non-administrator users to reset their passwords on their own. Your users need to have set up a recovery phone number where they can use a voice message or a text message to receive their recovery code or a recovery email address. They can reset their password by entering the email address they use to sign in to Google. They are then prompted through the process.

G Suite for Education K12 users can't supply a recovery phone number or a recovery email address. This feature isn't applicable for them.

G Suite for Education college users and K12 staff who can supply a recovery phone number or recovery email address can use this feature.

Users with 2-Step Verification who have set up a recovery phone number or a recovery email addresscan reset their password by answering the questions correctly and then receiving a recovery code on their phone or at their recovery email address. If they don't have a recovery email, have lost access to it, or fail to answer the questions correctly, they'll be prompted to contact their administrator.

If you're running Single Sign-On (SSO), then this feature isn't available. You won't see the Enable/disable non-admin user password recovery link.

If you're running G Suite Password Sync (GSPS), then this feature isn't applicable. Because GSPS is used to keep G Suite passwords in sync with Active Directory passwords, GSPS users use Active Directory to reset passwords.

The default Enable/disable non-admin user password recovery setting is off. If you want your users to reset their passwords on their own, change this setting to on.

 

Restricting access after off-boarding users

If you enable this feature to allow your users to recover passwords, pay close attention to your user off-boarding process.

When a user is terminated, an administrator must remove the recovery email address and the recovery phone number for the terminated user so they can't use the password recovery feature.
 

Restricting access to hijacked accounts
 

If you suspect that an account with user password recovery enabled is being hijacked, we recommend that you sign in to the account as the user and go to Account settingsSecurity to verify that the account recovery email address and phone number both belong to the legitimate user. If they don't, remove the recovery email address and the recovery phone number.
  1. Sign in to the Google Admin console.
  2. From the dashboard, click Security > Basic settings.
  3. In the Password management section, under the Password recovery heading, click the Enable/disable non-admin user password recovery link to access the Advanced security settings.
  4. In the Recovery section, under the Password recovery heading, check the Enable non-admin user password recovery box.

 

Was this article helpful?
How can we improve it?
Sign in to your account

Get account-specific help by signing in with your G Suite account email address, or learn how to get started with G Suite.