Password reset for Google Suite Organization

Hello, I have google suite customer that has about 30 users and the owner wants me to force everyone to change their email password. I haven't found a place that I can force the entire organization to do a password reset nor a way to go to each account and force a password change the only thing I could think of is send out an email telling everyone that we are planning on doing a password reset on a date and time your password will be abc12345 and when you enter that password it will force you to change it to a password of choice. This idea just seems like I am creating a morning full of phone calls. Also was going to send an email with instruction on updating email password for android and IOS prior to doing this to cut down on the calls for that issue.  Any thoughts on a better way or something I may not be thinking of?
Who is Participating?

Personally, I believe that forcing password changes is actually a negative for security in general.

I would be talking to the owner, and trying to understand why they want to do this.  Perhaps they talked to someone who said they should, but that someone is a bit clueless or stuck in the past.

If they have reason to think that one password has been compromised, then change that one password.

On the other hand, they might have reason to think that many or all of the passwords have been compromised (for example, an employee was found to have been asking for and keeping a record of everyone's passwords) in which case, maybe a mass change is warranted.

The possibilities are numerous, but I would definitely want to understand what threat they *think* they are addressing, so that I could advise them on the best way forward.

Deerek11Author Commented:
I always thought a good password reset schedule is good possible every 90 days or so ....  But you would advise not to change email passwords at all or this is a thing of the past a good stong password doesn't need to be changed often?
I world ask what risk you are trying to mitigate by forcing a password change?

Many people, on being forced to change their password, either add a number to the end, or rotate between a few passwords, or write them down.

If someone has a good password, and it has not been compromised, why change it?

I note that some government agencies do advise changing passwords periodically, but I don't believe that is necessarily good advice.

If it is policy though, then you should follow policy unless and until you can get it changed.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.