Security Stop Press : Google Cloud to Enforce Mandatory MFA for All Users by 2025

Google has announced a phased rollout of mandatory multi-factor authentication (MFA) for all Google Cloud accounts to strengthen security against cyber threats.

Starting in November 2024, Google Cloud will encourage MFA adoption, progressing to full compliance by the end of 2025. Google says the move will occur in three stages: first, promoting MFA awareness; next, requiring MFA for all password-based logins by early 2025; and finally, extending this to federated users by year-end, who can use MFA via their identity provider or add an extra layer through Google.

The decision is in response to rising risks from phishing and credential theft. Google and the Cybersecurity and Infrastructure Security Agency (CISA) report that MFA reduces hacking risk by 99 per cent. Google, an early advocate of MFA, continues to prioritise secure, user-friendly options like passkeys that leverage biometrics.

Businesses using Google Cloud are advised to start planning for MFA deployment now, coordinating with users and IT teams to facilitate a smooth transition.