Google Cloud has announced a phased rollout requiring mandatory multi-factor authentication (MFA) for all users by the end of 2025. The initiative aims to enhance security across its cloud platform, where phishing and credential theft remain primary attack vectors.
According to security experts, the move follows similar requirements implemented by Amazon Web Services and Microsoft Azure, reflecting a broader industry shift toward stronger authentication standards. The US Cybersecurity and Infrastructure Security Agency (CISA) reports that MFA can prevent 99 percent of automated attacks that use stolen credentials.
The implementation will proceed in three phases. Starting in November 2024, Google Cloud will begin notifying users who haven’t enabled MFA and provide resources for testing and deployment. Current adoption rates show approximately 70 percent of Google users already use MFA.
In early 2025, MFA becomes mandatory for password-based logins across Google Cloud Console, Firebase Console, and gCloud platforms. Users will need to complete enrollment to maintain access to these services.
By the end of 2025, the requirement extends to all users authenticating through federated identity providers. Organizations can meet this requirement either through their primary identity provider’s MFA or by adding Google’s MFA layer.
“The threat landscape has evolved significantly, making stronger authentication essential,” says Mayank Upadhyay, Vice President of Engineering at Google Cloud. “We’re implementing this requirement thoughtfully to ensure minimal disruption while maximizing security benefits.”
Phil Venables, Google Cloud’s CISO, emphasized the company’s experience with MFA deployment: “Having brought multi-factor authentication to millions of users worldwide, we’ve demonstrated that enhanced security doesn’t have to compromise user experience.”
The initiative builds on Google’s existing security infrastructure, which includes risk-based authentication and support for various second factors including security keys, authenticator apps, and biometric verification.
Sources: The Hacker News, Infosecurity Magazine, TechCrunch
—
November 6, 2024 – by the ID Tech Editorial Team
Follow Us