Google Cloud MFA enforcement meets with approval

Google’s announcement to enforce multifactor authentication (MFA) for all Google Cloud users by 2025 has been well-received by the cyber security community, with many describing it as a significant step towards enhancing security in the digital ecosystem.

The new policies, introduced by Google Cloud’s vice-president of engineering Mayank Upadhyay, will make MFA mandatory for all users who currently log in with just a password.

Upadhyay stated, “We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025. To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments.”

Google’s first phase, starting this month, will target users who are not already enrolled in MFA, providing them with reminders and information in the Google Cloud Console to raise awareness and encourage planning for MFA implementation.

By early 2025, all new and existing users who log in with a password will be required to use MFA. Notifications and guidance on this requirement will be displayed across various Google platforms, and users will have no choice but to enroll in MFA at this time.

Furthermore, by the following year, MFA requirements will extend to all users who federate authentication into Google Cloud. Organizations will have options to meet this requirement, such as enabling MFA with their primary identity provider or adding extra layers of MFA through their Google accounts.