To enhance account security, Google will mandate multifactor authentication (MFA) for all Google Cloud users by the end of 2025. As it stands, 70% of Google’s user base already has MFA enabled.
This requirement will affect all Google Cloud users who presently use passwords for authentication, as well as new users. However, it will not impact general consumer Google accounts. The company is set to commence the initial phase of this year-long implementation period this month.
- During Phase 1, Google Cloud administrators will be given guidance on preparing for the transition. This phase aims to increase awareness and supply resources essential for planning a rollout and conducting tests effectively.
- Phase 2, is set to commence in early 2025. It will mandate that all new and existing Google Cloud users employing passwords for authentication activate MFA on their accounts. Notifications and guidance regarding this requirement will be available on the Google Cloud Console, Firebase Console, gCloud, among other platforms.
- In Phase 3, by the end of 2025, users who integrate authentication into Google Cloud will need to enable multi-factor authentication (MFA). They can activate MFA through their primary identity providers prior to accessing Google Cloud or add an additional layer of security with MFA via their Google account.
Starting this month, the company announced that the Google Cloud console will feature useful reminders and information. These resources are designed to assist with raising awareness, planning your rollout, conducting testing, and seamlessly enabling MFA for your users.
One of the main recommendations in the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure By Design initiative is adopting multifactor authentication (MFA). The industry as a whole is moving towards mandatory MFA implementation. In June, Amazon began enforcing mandatory MFA for its Amazon Web Services users. Individuals accessing the AWS Management Console with an organization’s root user account were required to use MFA. This requirement has been broadened to include stand-alone accounts outside of AWS Organizations as well.
Mandatory MFA has also been embraced by Snowflake. Which in July introduced a feature enabling administrators to enforce mandatory MFA for all users. The following month, Microsoft announced its own rollout plan for Microsoft Azure. Similar to Google Cloud’s approach, Microsoft’s strategy involves multiple phases. Phase 1 began last month and requires MFA for signing into the Azure portal, Microsoft Entra admin center, and Intune admin center. In early next year’s Phase 2 launch attemptantion will gradually require it-the use of appropriate-enhancements on services such as anticipated Lorem Ipsum-overface personations with systems ala floating data points regarding regionalulars among them things along ports like pseudonyms observed inner natures described associated forms shift legends conservatively at forbade ones meantime!
Although CISA has stated that using MFA reduces the likelihood of being hacked by 99%. It’s crucial to remember that MFA is not completely foolproof.
“Mandating MFA is essential for enterprise security, but it alone doesn’t suffice,” states Jasson Casey, CEO of Beyond Identity. “This is due to the fact that not all MFA solutions provide equal levels of security assurance.”
Kris Bondi, CEO and co-founder of Mimoto, noted in an emailed statement that MFA and two-factor authentication have been utilized in various forms for over 20 years. During this time, attackers have found ways to innovate against these security measures. As a result, there has been a rise in phishing operations capable of bypassing traditional MFA systems. This vulnerability is why the National Institute of Standards and Technology (NIST) along with CISA are advocating for the implementation of phishing-resistant MFA solutions.
