Google Cloud strengthens user security with multi-factor authentication mandate

Google Cloud will soon enforce multi-factor authentication (MFA) for all users, marking a significant shift in its security approach. Starting in January, Google will require about 30% of its Cloud customers who still use only passwords to adopt MFA.

Through this phased rollout, Google aims to protect sensitive data more effectively amid rising cyber threats, such as phishing and credential theft.

In the coming two months, Google plans to send reminders to users, including resources that simplify the MFA transition. In a recent blog post, Google Cloud shared that its decision builds on years of experience. “As pioneers in MFA for millions of users, we know it strengthens security without compromising usability,” the company stated.

By the end of 2024, Google Cloud will also require MFA from customers using federated authentication. These users can enable MFA either through Google or with their preferred identity providers, adding flexibility to the mandate. This new requirement reflects Google’s ongoing commitment to security. The platform had previously introduced two-step verification (2SV) and passkeys for added protection.

This initiative aligns Google Cloud with other tech giants enforcing MFA to counter complex cyber threats. AWS and Microsoft recently added MFA for privileged and admin accounts. Snowflake also committed to enforcing MFA after breaches affected users without it. Studies confirm MFA’s urgency. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) found that MFA reduces hacking risks by 99%.

Across the cybersecurity landscape, MFA is increasingly essential. A recent PwC report identified cloud-based threats as the top concern for CISOs, surpassing even ransomware. Likewise, Microsoft’s research on Storm-0501—a group targeting cloud platforms with ransomware—shows that MFA can help shield organizations from these advanced threats.

Google Cloud’s MFA mandate signals a stronger stance on security, setting a powerful example for the industry. This shift may encourage smaller providers to adopt similar measures, helping more organizations guard against sophisticated cyber-attacks.