Google recently announced that it will require multi-factor authentication (MFA) for all Google Cloud accounts starting in early 2025. This change affects both business and individual Google Cloud users, as Google ramps up its efforts to combat cybersecurity threats across its platforms.
MFA is being implemented in phases, with the first phases starting this month with reminders and information in the Google Cloud console. By early next year, Google will require MFA for all new and existing Google Cloud users who sign in with a password, and by the end of 2025, Google says it will extend MFA requirements to all users who unify authentication in Google Cloud.
With MFA, Google Cloud users will need to verify their identity through an additional factor beyond their password, such as a one-time code or biometric verification. Google has provided a range of MFA options, including Google Authenticator and several third-party authenticator apps. For organizations, this will include updating security policies and educating employees about new authentication requirements. Additionally, admins will have access to Google Cloud Identity and Access Management (IAM) resources to assist with the transition.
The company's blog post on the subject underscores the urgent need for improved security protocols, especially in light of the sensitive data being handled on Google Cloud. “We have always prioritized protecting your identity in order to keep your account and sensitive information secure, and we use a variety of risk-based signals to quickly detect if an account has been compromised and thus help users recover it safely,” the company notes. .
Google is not the only one. Tech giant Microsoft has also made MFA mandatory for Azure logins, and Amazon Web Services (AWS) has added passkeys to the list of supported MFA for AWS Identity and Access Management (IAM) users.
Accelerate adoption of passkeys
In addition to mandatory MFA, Google is accelerating the adoption of passkeys instead of passwords. Earlier this year, Google announced that it would shift millions of users towards passkeys, and revealed an expansion of its cross-account protection program and new updates to passkeys.
The Cross Account Protection Program is a scheme created by Google to share security notifications with other companies that manage non-Google apps and services used by its users.
Google previously outlined seven steps it is taking to fulfill the Secure by Design Pledge, an initiative introduced by the US Cybersecurity and Infrastructure Security Agency (CISA) earlier this year. Google is among more than 200 organizations that have signed this commitment.
A key component of Google's security measures is MFA, along with a strong push toward passkeys for a passwordless login experience.
Article topics
Biometric Authentication | Biometrics | Cloud services | google | Multi-factor authentication | Pass keys
