Starting November, Google Cloud will implement a mandatory multi-factor authentication (MFA) policy for all users relying on passwords to log in.
Expanding MFA Coverage
Currently, approximately 70% of Google users utilize MFA for added account security. However, Google Cloud aims to extend this protection universally. The rollout will occur in phases, beginning with a series of reminders and resources designed to help organizations transition smoothly to MFA.
“Throughout this month, enterprises will find helpful notifications in the Google Cloud console, offering guidance on raising awareness, testing the process, and enabling MFA for their teams,” the company stated.
Timeline for Full Implementation
By early 2025, MFA will be mandatory for all newly created Google Cloud accounts and existing accounts using passwords for authentication. Notifications will guide users through the enrollment process via platforms such as the Google Cloud Console, Firebase Console, and gCloud.
The final phase, expected to conclude by the end of 2025, will enforce MFA for users who authenticate through federated systems integrated with Google Cloud.
Flexible MFA Options
Google Cloud users will have the flexibility to activate MFA via their primary identity provider or add an additional MFA layer directly within their Google accounts.
A Legacy of Security Enhancements
Google’s journey with MFA began in 2011 with the introduction of two-step verification (2SV). This was followed in 2014 by the launch of phishing-resistant security keys, paving the way for today’s advanced passkey systems, which enable biometric authentication through fingerprints or facial recognition.
“Our priority has always been to safeguard user identities and sensitive data,” Google Cloud emphasized. “By leveraging risk-based signals, we can quickly detect compromised accounts and assist users in securely restoring access.”
The initiative marks another significant step in Google’s efforts to fortify its platform and protect users against evolving cyber threats.