Connect with us

Tech News

Google Cloud MFA enforcement meets with approval

Published

on

Google Cloud MFA enforcement meets with approval

Google’s announcement to enforce multifactor authentication (MFA) for all Google Cloud users by 2025 has been well-received by the cyber security community, with many describing it as a significant step towards enhancing security in the digital ecosystem.

The new policies, introduced by Google Cloud’s vice-president of engineering Mayank Upadhyay, will make MFA mandatory for all users who currently log in with just a password.

Upadhyay stated, “We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025. To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments.”

Google’s first phase, starting this month, will target users who are not already enrolled in MFA, providing them with reminders and information in the Google Cloud Console to raise awareness and encourage planning for MFA implementation.

By early 2025, all new and existing users who log in with a password will be required to use MFA. Notifications and guidance on this requirement will be displayed across various Google platforms, and users will have no choice but to enroll in MFA at this time.

Furthermore, by the following year, MFA requirements will extend to all users who federate authentication into Google Cloud. Organizations will have options to meet this requirement, such as enabling MFA with their primary identity provider or adding extra layers of MFA through their Google accounts.

Mandatory MFA already successful for others

Google is not alone in implementing mandatory MFA for cloud services. Microsoft and GitHub have also introduced similar policies to enhance security following cyber attacks involving their users.

See also  Hey Google, fix android auto

Mike Britton, CIO at Abnormal Security, emphasized the importance of MFA as a foundational security service that should be mandatory for all software providers, especially for email security.

Patrick Tiquet, VP of security and compliance at Keeper Security, commended Google’s phased approach to MFA implementation, which prioritizes user adoption and minimizes operational disruption.

Anna Collard, SVP of content strategy at KnowBe4, highlighted the need for a layered defense approach in security and emphasized the importance of using phishing-resistant MFA methods like FIDO.

Trending