Google has announced the mandatory implementation of multi-factor authentication (MFA) for Google Cloud users. Although the full transition will take until 2025, experts advise activating MFA now for increased security.
Google will begin rolling out multi-factor authentication (MFA) for Google Cloud users in 3 phases. In the first phase, scheduled for November 2024, Google Console administrators will receive training and information on setting up MFA. In 2025, the second phase will require users who use passwords to also sign in with MFA, and by the end of the year, MFA will be mandatory for all users using federated authentication in Google Cloud.
Google explains that this measure is related to the protection of confidential data in cloud services and that credential theft remains one of the main threats; according to the analytical group Mandiant, MFA effectively reduces the risk of hacking accounts. The company is urging users to activate MFA and its free security features now, and Ed Russell, cyber security manager at Qodea, supported the initiative, noting that companies should carefully plan their transition to MFA, including staff training.
Multi-factor authentication is becoming the standard for cloud services – Microsoft Azure introduced mandatory MFA for administrators in July 2024 – but the lack of MFA has already led to many security breaches. More recently, this protection has been introduced as a key element in preventing cyberattacks.