Google Cloud to Implement Mandatory Multi-Factor Authentication for All Users by 2025
On November 5, 2024, Google Cloud announced that it will require all users to adopt multi-factor authentication (MFA) by 2025.
Was MFA not Implemented Previously?
No, it was implemented, but only 70% of the users were using it, and the rest were signing in with just a password, which is not apt looking at the number of increasing cyberattacks.
That’s why Google Cloud announced this to provide robust protection for user accounts and sensitive data by implementing additional layers of security beyond traditional password logins.
Mandatory Multi-factor authentication will be rolled out in three phases, as explained below!
First Phase: Phased Rollout Begins in November 2024
The implementation of mandatory MFA will be introduced in a phased manner, starting in November 2024. It is the initial phase in which Google Cloud will encourage users to adopt MFA voluntarily by sharing prompts and resources, including
- Awareness Campaigns
- Rollout Planning Guides and
- Testing Protocols in the Google Cloud Console
Second Phase: Mandatory MFA for Password Logins in Early 2025
The second phase, commencing in early 2025, will make MFA mandatory for all users using Google Cloud platforms, including the Google Cloud Console, Firebase Console, and gCloud, and logging in with passwords.
Third Phase: Extending MFA to Federated Users by End of 2025
By the end of 2025, Google Cloud will require multi-factor authentication (MFA) for users who log in through other identity providers. They can either set up MFA with their primary identity provider or add another layer of MFA through their Google account.
Now, let’s quickly overview the “Importance of MFA in Cloud Security.”
MFA requires users to provide two or more verification methods, making it much harder for hackers to access accounts. Reports by The Cybersecurity and Infrastructure Security Agency (CISA) suggest that MFA makes users 99% less likely to be hacked.
MFA significantly reduces the chances of unauthorized access to sensitive data. This is especially important for businesses that store valuable information in the cloud.
In short, Google Cloud’s decision to mandate MFA/2-Step Verification is driven by the need to combat sophisticated cyberattacks, including phishing and credential theft.
If you also want to enable 2-step verification, follow the steps below:
- Visit https://myaccount.google.com/security, scroll down a bit, and look for the heading “How you sign in to Google.” Then, click on “2-Step Verification.”
- Click on “Turn on 2-Step Verification” and follow the necessary instructions to implement 2-step verification.
To conclude, Google Cloud’s decision to mandate MFA/2-Step Verification is driven by the need to combat most common cyberattacks, including phishing and credential theft.