CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Cloud Rolling Out Mandatory MFA for All Users

Starting this month, Google Cloud will be rolling out mandatory MFA for all users who sign in with a password.

Google Cloud

Google Cloud on Tuesday announced a mandatory multi-factor authentication (MFA) rollout for all users who currently sign in with just a password.

Currently, 70% of Google users have their accounts protected by the additional authentication layer, but Google Cloud is pushing all accounts to take advantage of the extra protection and will begin a phased implementation this month.

Initially, Google Cloud plans to deliver reminders to enterprises to get started on rolling out MFA for their users. “Beginning this month, you’ll find helpful reminders and information in the Google Cloud console, including resources to help raise awareness, plan your rollout, conduct testing, and smoothly enable MFA for your users,” according to a Google statement.

Beginning early 2025, MFA will become mandatory for all new Google Cloud users, as well as for existing users who sign in with a password.

Users will be receiving notifications and guidance through the Google Cloud Console, the Firebase Console, gCloud, and other platforms, requiring them to enroll in MFA to continue using those tools. The final phase, expected to be completed by the end of 2025, will require MFA for all users who federate authentication into Google Cloud.

The company said sers will have the option to enable MFA with their primary identity provider before accessing Google Cloud, but will also have the option to add an extra layer of MFA through their Google accounts.

“We’ve always prioritized protecting your identity in order to keep your account and sensitive information safe, and we use a variety of risk-based signals to quickly detect if an account is compromised and subsequently help users restore it securely,” Google Cloud added.

The company’s first incursion into MFA was in 2011, when it introduced 2-step verification (2SV) for millions of users. In 2014, it introduced phishing-resistant security keys that led to the development of passkeys, which allow users to sign-in with fingerprint or facial recognition.

Advertisement. Scroll to continue reading.

Related: MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short

Related: Seeing Is Believing… and Securing

Related: Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report

Related: How Bot and Fraud Mitigation Can Work Together to Reduce Risk

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.