Google Cloud mandates multi-factor authentication for all users in 2025

Google Cloud mandates multi-factor authentication for all users in 2025

Digital render of Google Cloud's logo on a 3D icon against a grey background

Google Cloud announced it will make multi-factor authentication (MFA) mandatory for all users of its cloud services.

The mandatory use of MFA will be introduced for all Google Cloud customers in 2025, describing the introduction as a “critical step” for users to protect their cloud environments from unauthorised access.

Subscribe today for free

“There is broad 2-Step Verification (2SV) adoption by users across all Google services. However, given the sensitive nature of cloud deployments — and with phishing and stolen credentials remaining a top attack vector observed by our Mandiant Threat Intelligence team,” Mayank Upadhyay, VP of engineering and a distinguished engineer at Google Cloud wrote in a blog post. “We believe it’s time to require 2SV for all users of Google Cloud.”

Multi-factor authentication is designed to be a more secure way for users to sign into platforms. Using a multi-step login process, users are required to enter information beyond simply a password.

For example, users might be asked to enter a code sent to their email, an answer to a secret question, or potentially biometric information, like a fingerprint or facial recognition.

Google Cloud is now making MFA mandatory for its millions of users, though the provider wants to introduce the measure in a staggered way to “ensure a smooth transition.”

The switch to MFA will span three stages. The first, starting November 2024 aims to encourage MFA adoption. Then, from “early 2025”, MFA will be required for password logins. By the end of 2025, the third phase, MFA will be extended to all users who federate authentication into Google Cloud.

Graphic showing the three phases of Google Cloud's rollout of mandatory multi-factor authentication or MFA

Enterprise customers and users will receive advance notification of the change ahead of their transition to ensure their switch is seamless.

“At Google, we understand that you need flexibility and control when implementing new security measures,” Upadhyay wrote. “We will be working closely with identity providers to ensure there are standards in place for a smooth hand-off.”

RELATED STORIES

Cloud group defends autonomy after Microsoft claims it's bankrolled by Google

Google Cloud Summit keynote: Security, openness, and AI innovation

Google Cloud partners with Salesforce to launch autonomous AI agents

Gift this article