Google Cloud Mandates Multi-Factor Authentication for All Users by 2025

Google Cloud has announced the implementation of mandatory multi-factor authentication (MFA) for all users by 2025. This measure aims to strengthen account security amid rising phishing threats and credential compromise incidents. Google clarified that MFA enhances user data protection without complicating the authorization process.

The rollout will proceed in stages:

• In the first phase, starting November 2024, the company will encourage users to adopt MFA by providing reminders and instructions in the Google Cloud Console.
• In the second phase, beginning in early 2025, MFA will become mandatory for all users signing in with a password. They will need to enable MFA to continue using Google Cloud tools, including Google Cloud Console, Firebase Console, and gCloud.
• The third phase, scheduled for late 2025, will introduce MFA for all users utilizing federated authentication with Google Cloud.

Google began deploying multi-factor authentication for consumers back in 2011 with the launch of two-step verification. This approach quickly gained popularity due to its simplicity and effectiveness in preventing password compromise.

However, with the emergence of more sophisticated attacks, the company introduced advanced security methods, including phishing-resistant security keys and passkeys that streamline the authentication process by leveraging biometrics.

The transition to mandatory MFA in Google Cloud is guided by recommendations from cybersecurity experts and the CISA agency, which confirmed that users with activated multi-factor authentication are 99% less likely to fall victim to attacks.

Users interested in enabling MFA can already activate free two-step verification for their Google accounts. To do so, they should visit the security settings on security.google.com and enable two-step verification in the “How you sign in to Google” section.