Google Cloud is making multi-factor authentication mandatory for all users

News
By
published

MFA will be mandatory by Q4 2025 for Google Cloud users

A padlock resting on a keyboard.
(Image credit: Passwork)
  • Google is encouraging Cloud customers to enable MFA now
  • All users will need to enable MFA by the end of 2025
  • 30% of Google users don’t use MFA yet

Google Cloud has confirmed its users will need to enforce multi-factor authentication within the next few months as part of a major security push.

After quietly announcing the change in an October document, Google Cloud VP of Engineering and Distinguished Engineer Mayank Upadhyay revealed the rollout will be in phases, with mandatory MFA for all Google Cloud customers set to arrive by the end of 2025.

Google has promised to smoothen the rollout of the MFA requirement by dropping notifications on enterprise users ahead of time, so that they can enact the change with their employees.

Google Cloud now mandates the use of MFA

“We’ve been strong advocates for our MFA system for over a decade," noted Upadhyay, highlighting how the company will now begin encouraging users to enable MFA through reminders and other information popups in the Google Cloud console.

From 2025, new and existing customers using password logins will need to turn on MFA in their accounts, and by the end of the year, all users who federate authentication into Google Cloud (via third parties) will also need to enable the additional security step.

The company revealed around one in three (30%) Google users still rely on just passwords, highlighting the scale of the work required to drive wider MFA adoption.

Given the recent surge in high-profile data breaches and the amplification of attacks thanks to generative AI, adding MFA to accounts will make it more difficult for hackers to force entry via phishing scams.

Research from the Cybersecurity and Infrastructure Security Agency (CISA) suggests MFA can make users 99% less likely to be hacked.

In the blog post, Upadhyay proudly proclaimed Google led the consumer-scale MFA drive more than a decade ago in 2011, when it implemented 2-step Verification.

Despite the looming deadline, Google Cloud customers can begin to adopt MFA already, so they won’t need to wait for a specific part of the phased rollout.

You might also like

TOPICS
Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!