Google confirms mandatory 2FA decision
If you are among the 30% of Google Cloud users who currently sign in using a password, and nothing but a password, things are about to get a lot more secure. Starting immediately, Google is “encouraging” users with “helpful reminders” about the benefits of two-factor authentication. Starting in early 2025, that encouragement will turn into a mandatory requirement to use 2FA for all new and existing customers who login with a password. Here’s what you need to know.
Google To Make 2FA Mandatory For Cloud Users In 2025
In a Nov. 05 announcement, Google Cloud vice president of engineering, Mayank Upadhyay, dropped a security bombshell: mandatory 2FA for all Google Cloud users will be phased in during 2025, and starting sooner than you might imagine.
As part of its commitment to providing the strongest security for customers, Upadhyay confirmed that Google has seen firsthand how 2FA “strengthens security without sacrificing a smooth and convenient online experience.” That’s why, the announcement continued, 2FA will soon be required for all Google Cloud users signing in with a password. During the transition period, Upadhyay said, Google Cloud will be providing advance notification to users so 2FA deployments can be properly planned.
A Phased Approach To Mandatory Google 2FA—But The Clock Is Ticking
Google has stated that it is taking a phased approach to the mandatory 2FA requirement for Google Cloud users; here’s what that means practically. The three-phase implementation starts immediately with phase one: Google is encouraging users to adopt 2FA now if they currently sign in with a password and are not already among the 70% of users who have deployed 2FA protection.
Phase two is scheduled to begin in “early 2025” although Google has yet to confirm an actual date for the 2FA deployment measure. What we do know, however, is that all new and existing Google Cloud users who sign in with a password will be required to implement 2FA. No ifs, no buts; it’s a mandatory requirement moving forward. Notifications will appear across the Google Cloud Console, the Firebase Console and gCloud, with Upadhyay warning that to “continue using these tools, you’ll need to enroll” with 2FA.
The final phase will occur by the end of 2025, we are told, and will extend the mandatory 2FA requirement to those currently using federated authentication when logging into Google Cloud. “You’ll have flexible options to meet this requirement,” the announcement confirmed. This appears to mean that you will be able to enable 2FA with the primary identity provider before accessing Google Cloud itself, or add an additional layer of 2FA security through Google’s system using your Google account.
Don’t Wait, Enable 2FA For Your Google Cloud Account Today
The truth of the matter is that 2FA has been accepted and adopted as an essential security measure across most Google services. This is not anything new in terms of being a known security benefit for Google users. However, Upadhyay said, “Given the sensitive nature of cloud deployments — and with phishing and stolen credentials remaining a top attack vector observed by our Mandiant Threat Intelligence team — we believe it’s time to require 2FA for all users of Google Cloud.” To be honest, it is hard to think of a reasonable argument to counter that opinion. You know what to do, Google users, implement 2FA sooner rather than later.
