Google is rolling out mandatory multifactor authentication (MFA) on all Google Cloud accounts to protect against phishing and data theft.
The new requirement will be implemented in phases throughout 2025, all Google Cloud users worldwide will be mandated to enable MFA for sign-on by year’s end.
This change will not apply to owners of Google’s general consumer accounts.
Google Cloud’s Mandiant found phishing and stolen credentials to be the top attack vectors affecting cloud environments. In a November 5 blog post, Google said the new measure is a response to this.
“The [US] Cybersecurity and Infrastructure Security Agency (CISA) found that MFA makes users 99% less likely to be hacked, a powerful reason to make the switch,” said the post.
The company also noted that 70% of Google users have already enabled MFA.
Read more: Is MFA Enough to Protect You Against Cyber-Attacks?
MFA Rollout in Three Phases
The firm said it wanted to ensure a smooth transition with a phased rollout which will include the following steps:
- From November 2024 – Encourage MFA adoption with reminders and information in the Google Cloud console, including resources to help users plan the rollout, conduct testing and enable MFA
- From early 2025 – MFA required for all new and existing Google Cloud users who sign in with a password
- From the end of 2025 – Extending the MFA requirement to all users who federate authentication into Google Cloud
No tags.
