Google Cloud has announced that multi-factor authentication (MFA) will become mandatory for all customers by the end of 2025. This change will affect both admins and users with access to cloud services, but not general consumer accounts. The rollout will proceed through three phases.
In the first phase, starting this month, users who are not using MFA will be encouraged to do so via reminders on the console screen. This concerns about 30% of users, with the rest already having activated MFA on their accounts. In the second phase, early in 2025, all existing and new users who only use a password to log in will receive notifications to enable MFA across various platforms.
By the end of 2025, in the final mandatory phase, MFA will be required for all users, including those using federated authentication. Users can either use their identity provider’s MFA or add an extra MFA layer through Google’s system.
Google Cloud mandates MFA for security
Google emphasizes that mandatory MFA is crucial for increasing security and defending accounts against sophisticated threats that can compromise sensitive data. Research from the Cybersecurity and Infrastructure Security Agency (CISA) shows that MFA makes users 99% less likely to get hacked. To make the transition smooth, Google has developed user-friendly MFA options like passkeys, which use biometric data for enhanced security and convenience.
This aims to minimize disruptions for users during the mandatory adoption. Users can enable MFA on their accounts by going to their account settings, selecting “2-Step Verification” under the “How you sign in” section, and following the on-screen instructions. However, those with Identity-managed accounts may face admin-imposed restrictions affecting the availability of this option.
Google Cloud’s decision aligns with similar moves by other major tech companies like Amazon and Microsoft, who have also taken steps to enforce MFA for their cloud services. Cybersecurity experts widely recommend the adoption of MFA as one of the most effective methods to prevent breaches and protect digital assets in an increasingly threatening landscape.
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.
