How is the password sent to Google from Active Directory when using G Suite Password Sync (GSPS)?

When using G Suite Password Sync (GSPS), passwords are transmitted to Google in a secure manner to maintain user confidentiality and data integrity. Specifically, passwords are not sent in plain text; instead, they are processed using a hashing algorithm. The correct method is to use a salted SHA-512 hashing technique over HTTPS.

The use of salted SHA-512 means that the original password undergoes a transformation where a unique salt is added before hashing. This method significantly enhances security by preventing attacks, such as rainbow table attacks, which could exploit predictable hashed values.

Additionally, transmitting the hashed password over HTTPS ensures that the data transfer is secure, protecting against interception during transmission. This layered approach to security—using both a strong hashing algorithm and an encrypted transport protocol—demonstrates best practices for maintaining sensitive information such as user passwords.