Google Cloud To Implement MFA as a Mandatory Feature

Google Cloud users will soon have to use multi-factor authentication, if they haven’t yet, as Google mandates MFA. Though this won’t be an abrupt move as Google plans a phased transition to facilitate users.

Google Cloud MFA Is To Become Necessary In 2025

As announced in a recent post, Google has decided to make multi-factor authentication (MFA) a necessary login feature for Google Cloud users.

As explained by Mayank Upadhyay, VP of Engineering and Distinguished Engineer, Google Cloud, the new requirement will be available to all users in 2025.

Google plans to roll out this feature in a phased manner, initially making it a recommended option for users. This phase, Phase 1, starts November 2024, in which Google Cloud users will receive reminders and related information about this additional authentication adoption in their Google Cloud Console.

In Phase 2, beginning in early 2025, the service will require all Google Cloud users to enable multi-factor authentication for account logins. To ensure wider adoption, Google Cloud users must enroll in MFA to ensure continued access to Google Cloud Console, Firebase Console, gCloud, and other tools.

In the final phase, Phase 3, scheduled for the end of 2025, Google will extend MFA adoption to federated users, providing them with an optional feature.

Google’s post explains this decision by citing increased phishing attacks and credential thefts as the prime reason behind this move. In addition to their own research, Google also considered reports from US CISA, which suggests that users with multi-factor authentication enabled have 99% less probability of being hacked than other users. Hence, the firm believes mandatory MFA implementation remains the most viable way to secure Google Cloud users.

Users may find the relevant settings in their Google Account profile under the “Security” menu to enable this feature. Here, users need to enable 2-Step Verification to enable MFA, which will then guide them to set up another authentication method to protect their accounts.

Let us know your thoughts in the comments.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites