Google wants to beef up the security of its products and makes multifactor authentication (MFA) mandatory for all Google Cloud users. By the end of 2025, all accounts must have activated this. The company is taking this step to deal with increasingly sophisticated cyber threats.
The requirement applies to all users and administrators accessing the company’s services in its Google Cloud platform. For now, it does not apply to ‘regular’ Google consumer accounts. To ease the transition, the rollout will take place in three phases.
First, by early 2025, users who have not yet set up an MFA will receive reminders via their dashboard to do so. This amounts to about 30 percent of users, including anyone who still relies on just a password to access Google Cloud Console, Firebase Console, and gCloud.
That ‘suggestion’ will change to a requirement over the course of the year. In the final phase, MFA will be mandatory for all Google Cloud users, including those who use federated access. In the latter case, Google will offer the ability to choose between their identity provider’s MFA solutions or Google’s own added MFA layer.
MFA significantly reduces the risk of hacks
Google justifies this move by citing figures from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which show that MFA reduces the chance of hacks by 99 percent. The company says its own data supports these findings.
Google offers user-friendly MFA options such as biometric passwords to simplify use and encourage rapid adoption. That should minimize annoying interruptions sometimes associated with MFA while improving security.
For all others who have not yet done so, the company advises turning on 2-Step Verification via security.google.com. If that option is missing, it is likely due to restrictions set by admins.
Also read: Cloud providers can hardly keep up with dazzling demand for AI