Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Cloud Rolling Out Mandatory MFA for All Users

Starting this month, Google Cloud will be rolling out mandatory MFA for all users who sign in with a password.

Google Cloud

Google Cloud on Tuesday announced a mandatory multi-factor authentication (MFA) rollout for all users who currently sign in with just a password.

Currently, 70% of Google users have their accounts protected by the additional authentication layer, but Google Cloud is pushing all accounts to take advantage of the extra protection and will begin a phased implementation this month.

Initially, Google Cloud plans to deliver reminders to enterprises to get started on rolling out MFA for their users. “Beginning this month, you’ll find helpful reminders and information in the Google Cloud console, including resources to help raise awareness, plan your rollout, conduct testing, and smoothly enable MFA for your users,” according to a Google statement.

Beginning early 2025, MFA will become mandatory for all new Google Cloud users, as well as for existing users who sign in with a password.

Users will be receiving notifications and guidance through the Google Cloud Console, the Firebase Console, gCloud, and other platforms, requiring them to enroll in MFA to continue using those tools. The final phase, expected to be completed by the end of 2025, will require MFA for all users who federate authentication into Google Cloud.

The company said sers will have the option to enable MFA with their primary identity provider before accessing Google Cloud, but will also have the option to add an extra layer of MFA through their Google accounts.

“We’ve always prioritized protecting your identity in order to keep your account and sensitive information safe, and we use a variety of risk-based signals to quickly detect if an account is compromised and subsequently help users restore it securely,” Google Cloud added.

The company’s first incursion into MFA was in 2011, when it introduced 2-step verification (2SV) for millions of users. In 2014, it introduced phishing-resistant security keys that led to the development of passkeys, which allow users to sign-in with fingerprint or facial recognition.

Advertisement. Scroll to continue reading.

Related: MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short

Related: Seeing Is Believing… and Securing

Related: Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report

Related: How Bot and Fraud Mitigation Can Work Together to Reduce Risk

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

The City of Phoenix has promoted Mitch Kohlbecker to the role of Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.