While passkeys and DBSC make it markedly more difficult for bad actors to gain unauthorized account access, being able to secure user accounts when a change in risk has been detected is essential. To that end, we are developing a receiver to consume security signals from security partners. The Shared Signals Framework (SSF) is an OpenID standard designed to enable platforms to exchange crucial security signals in near real-time. This framework acts as a robust system for "transmitters" to promptly inform "receivers" about significant events, facilitating a coordinated response to security threats.
Beyond threat detection and response, signal sharing also allows for the general sharing of different properties, such as device or user information, further enhancing the overall security posture and collaborative defense mechanisms. We intend to expand this beta program to identity and endpoint security partners, as well as to customers in the coming months. For more details, learn more about becoming a partner in this article.
Next stepsToken theft has emerged as a substantial compromise threat, making the evaluation and implementation of Device Bound Session Credentials (DBSC) a crucial priority for customers. To enhance security and prevent account takeovers stemming from phishing and infostealers, we recommend customers enable passkeys and DBSC immediately. Additional information and implementation specifics can be found in the resources below:
Passkeys: Sign in with a passkey instead of a password
DBSC: Make online sessions more secure (beta)
To learn more about Workspace and a safer way to work, read our latest blog post on enterprise security and explore our complete suite of offerings on our web page.