Google Cloud makes multi-factor authentication mandatory for all users
- Google encourages Cloud customers to enable MFA now
- All users must enable MFA by the end of 2025
- 30% of Google users do not yet use MFA
Google Cloud has confirmed that its users will have to enable multi-factor authentication in the coming months as part of a major security push.
After quietly announcing the change in an October document, Google Cloud VP Engineering and Distinguished Engineer Mayank Upadhyay revealed that the rollout will happen in phases, with mandatory MFA for all Google Cloud customers by the end of 2025.
Google has promised to ease the rollout of the MFA requirement by sending notifications to business users in advance so they can implement the change with their employees.
Google Cloud now requires the use of MFA
“We have been strong advocates of our MFA system for more than a decade,” said Upadhyay, highlighting how the company will now encourage users to enable MFA through reminders and other information pop-ups in the Google Cloud console.
Starting in 2025, new and existing customers who use password logins will need to enable MFA in their accounts, and by the end of the year, all users who federate authentication into Google Cloud (via third parties) will also need to enable the extra security step.
The company revealed that around one in three (30%) Google users still rely solely on passwords, highlighting the scale of work needed to drive wider MFA adoption.
Given the recent rise in high-profile data breaches and in attacks driven by generative AI, adding MFA to accounts will make it more difficult for hackers to gain access through phishing scams.
Research from the Cybersecurity and Infrastructure Security Agency (CISA) shows that users with MFA are 99% less likely to be hacked.
In the blog post, Upadhyay proudly exclaimed that Google led the consumer-scale MFA campaign over a decade ago, in 2011, when it implemented two-step verification.
Despite the looming deadline, Google Cloud customers can already start adopting MFA so they don’t have to wait for a specific part of the phased rollout.