Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users

Cyber Security

Nov 06, 2024Ravie LakshmananCloud Security / Phishing Protection

Google’s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security.

“We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” Mayank Upadhyay, vice president of engineering and distinguished engineer at Google Cloud, said in a statement.

“To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments.”

The rollout process is scheduled to take place over three stages, starting from this month and until the end of 2025 –

  • Phase 1 (Starting November 2024), when administrators will be provided information to prepare for the security upgrade
  • Phase 2 (Early 2025), when Google will begin requiring MFA for all new and existing Google Cloud users who sign in with a password
  • Phase 3 (End of 2025), when Google will extend MFA protections to federated users

“For example, you can enable MFA with your primary identity provider before accessing Google Cloud — we will be working closely with identity providers to ensure there are standards in place for a smooth hand-off,” Upadhyay said.

“Alternatively, you can add an extra layer of MFA through your Google account if you prefer to use our system.”

The development comes as phishing and stolen credentials continue to be the primary way through which threat actors gain unauthorized access to computer networks.

The announcement also follows similar moves from its cloud rivals Amazon and Microsoft, which have also begun enacting mandatory MFA for Amazon Web Services (AWS) and Azure, respectively, in recent months.

In July 2024, data warehousing company Snowflake introduced an option that allows administrators to enforce mandatory MFA for all users following a data breach campaign that leveraged stolen credentials from more than 165 of its customers.

The threat actor allegedly behind the data theft and extortion scheme, a 26-year-old Canadian man named Alexander “Connor” Moucka, was arrested late last month at the request of U.S. authorities. Another co-conspirator, John Erin Binns, was arrested in Turkey in late May 2024.

Other members of the UNC5537 cybercriminal gang, which is part of a larger underground network called the Com, remain at large, according to WIRED.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

California Announces Plan to Protect Joshua Trees from Wildfires and Climate Change Threats
China’s AI balancing act — beating the U.S. but keeping the tech from threatening Beijing’s rule
No GTA 6 Trailer a Year After Reveal as Fans Wait for Official Update From Rockstar Games
Elon Musk asks court to block OpenAI from converting to a for-profit
Uber will offer robotaxi rides in Abu Dhabi through partnership with WeRide