close
close

Mondor Festival

News with a Local Lens

MFA will be mandatory on all Google Cloud accounts by 2025
minsta

MFA will be mandatory on all Google Cloud accounts by 2025

Google is making multi-factor authentication mandatory by the end of 2025 for all Google Cloud accounts.

The tech giant said in a recent announcement that it would begin the transition with a phased rollout to help users adapt more easily.

Why MFA for Google Cloud?

Multi-factor authentication has long been recommended in the technology industry and cybersecurity sector. By implementing an additional verification step, MFA significantly reduces the risk of unauthorized access, data breaches and account takeover attacks, even if passwords are compromised. Google’s push for mandatory MFA follows alarming cybersecurity trends, with a rise in sophisticated attacks against cloud infrastructure and sensitive data.

“This change is supported by strong evidence from both our own experience and that of U.S. government agencies,” Google said. “THE Cybersecurity and Infrastructure Security Agency (CISA) found that MFA makes users 99% less likely to be hackeda powerful reason to make the change.

The mandatory MFA requirement for Google Cloud will be introduced in three stages to make the process easier for users and businesses.

  1. Phase 1: Encouragement and awareness (early November 2024)
  • Starting immediately, Google will encourage Google Cloud users who are not yet using MFA to enable it, by displaying reminders directly on the console screen. This phase primarily targets the estimated 30% of cloud users who rely solely on password access, incentivizing them to move to MFA.
  1. Phase 2: Notifications to activate MFA (early 2025)
  • In early 2025, Google will notify all existing and new Google Cloud users who are still using passwords only to enable MFA. These notices will appear on Google Cloud Console, Firebase Console, gCloud and other related platforms, giving users ample time to make the transition.
  1. Phase 3: Mandatory MFA requirement (end of 2025)
  • By the end of 2025, MFA will be mandatory for all Google Cloud users, including federated users who sign in with an external identity provider. These users will have the option to use their provider’s MFA solution or add an additional layer via Google’s MFA options.

To make MFA adoption as seamless as possible, Google has developed a range of MFA options, including access keys that leverage biometric data for a smoother and more secure experience.

How to enable MFA on Google Cloud

Users can proactively enable MFA on their Google Cloud accounts by visiting their account security settings. Here’s a quick guide to setting up MFA on Google Cloud:

  1. Visit security.google.com.
  2. In the “How to sign in to Google” section, select 2-step verification.
  3. Follow the on-screen instructions to complete the setup, which may include options for app-based verification or biometric passkeys.
Source: Google
Source: Google

For accounts managed through Cloud Identity, note that some users may not see the “Two-Step Verification” option due to administrative restrictions. Business administrators can consult the official Google guide for more information on setup or contact their account manager for assistance.