Google has confirmed plans to require all Google Cloud customers to use multi-factor authentication (MFA), a process that kicks off this month with prompts and “helpful reminders” embedded inside the Google Cloud console, before a gradual enforcement period starting in the new year.
Mandatory Multi-Factor Authentication Implementation
The internet and cloud giant quietly announced its MFA plans in a document published in October, though the company’s VP of engineering, Mayank Upadhyay, formally announced this in a blog post this week.
“We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” Upadhyay wrote. “To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments.”
Security Concerns Leading to MFA Enforcement
The news, inarguably a long time coming, arrives amid a swathe of data breaches, with at least 1 billion stolen records in 2024 so far. By way of example, the UnitedHealth-owned healthcare giant Change Healthcare was hit by a ransomware attack in February, a data breach that saw health data on more than 100 million people in the United States stolen. The cause? Stolen back-end credentials that lay unprotected by MFA.
Data warehousing giant Snowflake, meanwhile, also hit the headlines after private data belonging to hundreds of its customers (including Ticketmaster) leaked online. These breaches were again caused by the lack of mandatory MFA enforcement, with Snowflake subsequently introducing mandatory MFA as an option for Snowflake admins, though it’s still up to the customer whether to switch this on.
Google’s Response and Future Enforcement
And so Google is now following its own subsidiary’s advice.
Starting in early 2025, Google says that it will require all Google Cloud users who currently sign in with a password to activate MFA. This means they will only be able to access their Google Cloud accounts by using a secondary authentication mechanism, such as an authenticator app or a physical security key.
By the end of 2025, this requirement will be extended to so-called “federated users,” which refers to those who access Google Cloud resources through a third-party authenticator.
Google’s announcement follows hot on the heels of similar enforcements at rival cloud giants. AWS began a phased rollout of mandatory MFA back in June, while Microsoft followed suit with Azure shortly after.
