Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users

Cyber Security

Nov 06, 2024Ravie LakshmananCloud Security / Phishing Protection

Google’s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security.

“We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” Mayank Upadhyay, vice president of engineering and distinguished engineer at Google Cloud, said in a statement.

“To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments.”

The rollout process is scheduled to take place over three stages, starting from this month and until the end of 2025 –

  • Phase 1 (Starting November 2024), when administrators will be provided information to prepare for the security upgrade
  • Phase 2 (Early 2025), when Google will begin requiring MFA for all new and existing Google Cloud users who sign in with a password
  • Phase 3 (End of 2025), when Google will extend MFA protections to federated users

“For example, you can enable MFA with your primary identity provider before accessing Google Cloud — we will be working closely with identity providers to ensure there are standards in place for a smooth hand-off,” Upadhyay said.

“Alternatively, you can add an extra layer of MFA through your Google account if you prefer to use our system.”

The development comes as phishing and stolen credentials continue to be the primary way through which threat actors gain unauthorized access to computer networks.

The announcement also follows similar moves from its cloud rivals Amazon and Microsoft, which have also begun enacting mandatory MFA for Amazon Web Services (AWS) and Azure, respectively, in recent months.

In July 2024, data warehousing company Snowflake introduced an option that allows administrators to enforce mandatory MFA for all users following a data breach campaign that leveraged stolen credentials from more than 165 of its customers.

The threat actor allegedly behind the data theft and extortion scheme, a 26-year-old Canadian man named Alexander “Connor” Moucka, was arrested late last month at the request of U.S. authorities. Another co-conspirator, John Erin Binns, was arrested in Turkey in late May 2024.

Other members of the UNC5537 cybercriminal gang, which is part of a larger underground network called the Com, remain at large, according to WIRED.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Samsung Patent Application Hints at Flagship Smartphone With Curved Screens
Samsung Galaxy S25 Ultra Leaked Renders Show Rounded Corners; Galaxy S25+ Live Hands-on Images Surface
World’s Largest Iceberg A23a Resumes Journey North After Months of Stagnation
Google Working on Bundled Notifications Feature for Grouping Notifications in Gmail-Like Categories: Report
Apple’s AirTag 2 to Come With New Ultrawide-Band Chip Similar to That in iPhone 15: Mark Gurman