The Information Highway

The Information Highway

Font size: +
2 minutes reading time (396 words)

Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security.

"We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at Google Cloud, said in a statement.

"To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments." 

The rollout process is scheduled to take place over three stages, starting from this month and until the end of 2025 -

  • Phase 1 (Starting November 2024), when administrators will be provided information to prepare for the security upgrade
  • Phase 2 (Early 2025), when Google will begin requiring MFA for all new and existing Google Cloud users who sign in with a password
  • Phase 3 (End of 2025), when Google will extend MFA protections to federated users

"For example, you can enable MFA with your primary identity provider before accessing Google Cloud — we will be working closely with identity providers to ensure there are standards in place for a smooth hand-off," Upadhyay said.

"Alternatively, you can add an extra layer of MFA through your Google account if you prefer to use our system."

The development comes as phishing and stolen credentials continue to be the primary way through which threat actors gain unauthorized access to computer networks.

The announcement also follows similar moves from its cloud rivals Amazon and Microsoft, which have also begun enacting mandatory MFA for Amazon Web Services (AWS) and Azure, respectively, in recent months.

In July 2024, data warehousing company Snowflake introduced an option that allows administrators to enforce mandatory MFA for all users following a data breach campaign that leveraged stolen credentials from more than 165 of its customers.

The threat actor allegedly behind the data theft and extortion scheme, a 26-year-old Canadian man named Alexander "Connor" Moucka, was arrested late last month at the request of U.S. authorities. Another co-conspirator, John Erin Binns, was arrested in Turkey in late May 2024.

Other members of the UNC5537 cybercriminal gang, which is part of a larger underground network called the Com, remain at large, according to WIRED.

HPE warns of critical RCE flaws in Aruba Networkin...
Vulnerabilities found in Microsoft Azure AI

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 14 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023