Google Cloud will make multi-factor authentication (MFA) mandatory for all users from January 2025. This measure will initially affect the 30 percent of customers who currently only authenticate themselves with a password.
The announcement is part of an industry-wide development in which leading cloud providers are increasingly relying on multi-level security mechanisms. Other industry giants such as Amazon Web Services and Microsoft Azure have announced similar steps. Database specialist Snowflake introduced the requirement for multi-factor authentication back in July. The Mountain View-based company, which introduced multi-factor authentication for private users back in 2011, argues that cloud implementations require special protection.
“Given the sensitive nature of cloud deployments — and with phishing and stolen credentials remaining a top attack vector — we believe it’s time to require 2SV for all users of Google Cloud.,” the company explained in a statement. This is based on the findings of the US Cybersecurity Agency (CISA), according to which the probability of a successful hacker attack is reduced by 99 percent with MFA.
Gradual introduction
Implementation will take place in three clearly defined phases: From November this year, Google Cloud will initially launch an awareness campaign. In this first phase, users who are not yet using multi-factor authentication will receive instructions and support for the changeover. The Google Cloud platform will provide resources to help with the planning and introduction of the stricter security measures.
The second phase, in which multi-factor authentication will become mandatory for all users who previously only logged in with a password, will begin at the start of 2025. This change will affect all Google Cloud services, including the Firebase console and the gCloud tool. It will no longer be possible to use them without MFA activated.
In the third and final phase, which is planned for the end of 2025, the requirement for multi-factor authentication will also be extended to users who log in to Google Cloud via central login systems. Flexible implementation options are planned for this group. The MFA can be activated either directly at Google or at the respective identity provider. The Group is working closely with leading identity providers to ensure a smooth transition.