Phased rollout over next 12 months.
Google has announced it will implement mandatory multi-factor authentication for all cloud users, beginning next year.
Saying it has been “strong advocates for our MFA system for over a decade,” the company’s announcement said the first phase begins this month with “helpful reminders and information in the Google Cloud console, including resources to help raise awareness, plan your rollout, conduct testing, and smoothly enable MFA for your users.”
From early 2025, MFA will be required for all new and existing Google Cloud users who sign in with a password, while by the end of 2025, MFA will be required for all users who federate authentication into Google Cloud.
Commenting, Ed Russell from Qodea, said: “Mandatory MFA is a welcome move from Google as user identity remains a primary attack vector used by bad actors. Passwords alone no longer provide enough protection for sensitive data, and MFA introduces additional verification steps to guard against cyber breaches.
“New mandates often cause disruption within organisation:. Mandatory MFA will likely follow suit as it directly impacts employees' daily access to platforms and applications. Organisations must therefore carefully plan their MFA transition and provide staff with dedicated training to ensure a smooth transition.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
