Google Cloud is making MFA mandatory by the end of 2025

Google has announced that multi-factor authentication (MFA) will be mandatory for all cloud accounts by the end of 2025 to increase security.

Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud.

The mandatory MFA rollout affects both administrators and all users with access to Google Cloud services, but not general consumer Google accounts.

“We will implement mandatory MFA for Google Cloud in a phased approach, rolling out to all users worldwide in 2025,” says a new announcement from Google.

“To ensure a smooth transition, Google Cloud is informing businesses and users in advance to help them plan MFA deployments.”

The change will occur in three phases to ease the transition for affected users.

Starting this month, users who don't use MFA on their accounts will be prompted to do so via a reminder on the console screen. According to Google, this affects around 30% of cloud users, the rest have already activated the additional security level in their accounts.

The second phase will begin in early 2025, where all existing and new Google Cloud users who sign in with a password only will receive notifications to enable MFA for Google Cloud Console, Firebase Console, gCloud, and other platforms.

Ultimately, by the end of 2025, the MFA requirement will be mandatory for all Google Cloud users and federated users, who can either use their identity provider's MFA or add an additional layer of MFA through Google.

Google says the mandatory MFA requirement for Google Cloud users is being introduced to increase security and sees it as a critical step in protecting accounts from increasingly sophisticated threats that can compromise sensitive data and cause significant damage.

The tech giant cites research from CISA showing that MFA reduces the likelihood of users being hacked by 99%, noting that its own data confirms the US government agency's findings.

Google has developed easy-to-use MFA options like passkeys that use biometric data to make MFA more secure and convenient. This reduces the likelihood that mandatory adoption will significantly impact the user experience.

To enable MFA for your Google Cloud account today, go to security.google.com and select “Two-Step Verification” under the “How to Sign in to Google” section and follow the instructions on the screen to complete the process.

Cloud Identity-managed account owners who do not see the Two-Step Verification option may be subject to administrator-imposed restrictions.

For more information about setting up MFA on Google Cloud, see Google's official guide here.