Google Cloud will make multi-factor authentication (MFA) mandatory for its users next year.
Mayank Upadhyay, VP of engineering and distinguished engineer at Google Cloud, said the move would provide stronger protection against sophisticated attacks, adding that the Cybersecurity and Infrastructure Security Agency (CISA) found that MFA makes users 99 per cent less likely to be hacked.
Upadhyay said that the company would implement a phased approach to MFA to allow users “flexibility and control.”
In the first phase, which started this month, users will be encouraged to adopt MFA through reminders and information in the Google Cloud console.
From early next year, Google will require MFA for password logins for all new and existing customers.
By the end of 2025, Google said it will extend the MFA requirement to all users who federate authentication into Google Cloud.
Upadhyay said that Google has been an advocate for MFA for over a decade and will be working closely with identity providers to ensure there are standards in place to smoothly implement the new measure.
The company first introduced MFA in 2011, calling it two step verification (2SV), and launched phishing-resistant security keys for Google accounts in 2014.
“As pioneers in bringing multi-factor authentication to millions of Google users worldwide, we’ve seen firsthand how it strengthens security without sacrificing a smooth and convenient online experience,” Upadhyay wrote in a blog post. “Given the sensitive nature of cloud deployments — and with phishing and stolen credentials remaining a top attack vector observed by our Mandiant Threat Intelligence team — we believe it’s time to require 2SV for all users of Google Cloud.”
