Google Cloud to Require Multi-Factor Authentication Starting 2025

by · The Hans India

Highlights

Starting in 2025, Google Cloud users must enable Multi-Factor Authentication for enhanced security across all platforms and accounts.

To enhance security, Google Cloud will require all customers to use Multi-Factor Authentication (MFA) starting in 2025. This mandate is part of a broader effort by Google to strengthen account protection across its cloud platform. Google has announced a phased rollout plan, beginning in November, to guide users toward adopting MFA smoothly.

Google’s MFA Rollout on Cloud Platforms

According to Mayank Upadhyay, Google Cloud’s VP of Engineering, Google will enforce MFA for all users and businesses on its cloud services starting in 2025. To ease the transition, Google will send periodic reminders through in-app notifications to help users prepare for the switch. This process begins in phases and aims to ensure that customers have ample time to adapt to the new security protocol.

The MFA rollout will take place over three main phases. In the first phase, Google Cloud Console users will receive reminders to activate MFA. In the second phase, MFA will be rolled out to all Google Cloud users who use passwords to log in. This includes users across Google Cloud Console, Firebase Console, gCloud, and other related platforms. Finally, in the third phase, MFA will become mandatory for all Google Cloud users. Customers will also have flexible options for authentication, including security keys, biometric scans, and one-time passcodes (OTPs).

Steps to ActivateMFA on Google Cloud

1. Go to [security.google.com](https://security.google.com) to access your account security settings.

2. In the "How you sign in to Google" section, select 2-Step Verification.

3. Follow the instructions to complete the MFA setup.

This step is crucial for securing your Google Cloud environment against unauthorized access, making it harder for attackers to breach accounts. Google notes that 70% of users already benefit from MFA, and making it mandatory aims to protect all users’ data under a unified security framework.