Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security.
Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud.
The mandatory MFA rollout will affect both admins and any users with access to Google Cloud services but not general consumer Google accounts.
“We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” reads a new Google announcement.
“To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments.”
The change will unfold through three phases to ease the transition for impacted users.
Starting this month, users who are not using MFA on their accounts will be encouraged to do so via a reminder on the console screen. According to Google, this concerns roughly 30% of Cloud users, with the rest already having activated the extra security step on their accounts.
The second phase will begin in early 2025, where all existing and new Google Cloud users who only use a password to log in will get notifications to enable MFA across Google Cloud Console, Firebase Console, gCloud, and other platforms.
Finally, by the end of 2025, the MFA requirement will be made mandatory for all Google Cloud users and federated users, who can either use their identity provider’s MFA or add an extra MFA layer through Google.
Google says the mandatory MFA requirement for Google Cloud users is being done for increased security, seeing this as a critical step for safeguarding accounts from increasingly sophisticated threats that can compromise sensitive data and cause significant damage.
The tech giant cites research from CISA showing that MFA makes users 99% less likely to get hacked and notes that its own data corroborates the U.S. government agency’s findings.
Google has developed user-friendly MFA options, like passkeys, that use biometric data to make MFA more secure and convenient. This will make mandatory adoption less likely to disrupt the user experience significantly.
To enable MFA on your Google Cloud account today, head to ‘security.google.com,’ and under the “How you sing in to Google” section, select ‘2-Step Verification’ and follow the on-screen instructions to complete the setup.
Owners of Cloud Identity-managed accounts who don’t see the ‘2-Step Verification’ option may be subject to admin-imposed restrictions.
For more information about setting up MFA on Google Cloud, check out Google’s official guide here.