Google Cloud Platform (GCP) Announces Mandatory Multi-Factor Authentication (MFA) for All Cloud Accounts by End of 2025
The majority of key platforms now support Multi-Factor Authentication (MFA), a security measure requiring not just a username and password at login but also a second form of verification, such as a TOTP code or a security key.
The enforcement of MFA is primarily aimed at enhancing security. Data breaches involving cloud platforms are often linked to the absence of MFA, including incidents of phishing attacks.
The adoption of MFA by administrators and sub-accounts can mitigate many potential security issues. This is why Google has decided that the use of Google Cloud will mandatorily require MFA.
Google's Timeline for Implementation:
- Starting November 2024, Google Cloud's dashboard will begin to display reminders for accounts that haven't enabled MFA.
- From the beginning of 2025, all accounts that only use passwords for login, including new GCP users, will receive notifications urging them to enable MFA as soon as possible.
- By the end of 2025, all Google Cloud accounts will be required to have MFA enabled for continued use. Accounts without MFA enabled will not function properly.
It's important to note that this change only affects Google accounts used for the GCP cloud platform. Google will not enforce this requirement on regular consumer accounts but still recommends enabling MFA to increase security.
Users can navigate to Google's Account Security Center (https://security.google.com) to find the two-step verification page, where they can add various MFA methods, including but not limited to Google Authenticator, security keys, and hardware security keys.