Snowflake has announced it will make multi-factor authentication (MFA) mandatory for all accounts by November 2025.
The firm said it will block sign-ins using single factor authentication with passwords as part of its commitment to the Cybersecurity and Infrastructure Security Agency (CISA)’s Secure by Design pledge, of which it is a signatory.
This follows a previous announcement by the multi-cloud data warehousing platform that MFA will be the default for all password sign-ins in new Snowflake accounts created starting October 2024.
Single factor authentication will be phased out across three stages:
- In April 2025, Snowflake will force all human users in accounts without a custom authentication policy to enroll in MFA upon their next password-based sign-in to Snowflake
- In August 2025, MFA will be enforced on all password-based sign-ins for human users
- In November 2025, Snowflake will block sign-ins to its platform for all users using single-factor authentication with passwords
Earlier in 2024, it emerged that a threat actor had stolen a vast volume of user data from Snowflake, using compromised customer credentials to do so.
This activity led to a number of high-profile data breaches affecting companies such as Ticketmaster, Santander and AT&T.
The commitment to making MFA mandatory aims to prevent similar incidents occurring in the future by ensuring a separate line of defense when an account password is compromised.
The firm wrote: “This enhanced level of protection adds to the growing security capabilities of Snowflake Horizon Catalog, which empowers security admins and chief information security officers to better safeguard their security posture and mitigate risks of credential theft.”
Tech Firms Boosting Authentication Measures
Snowflake is the latest in a line of tech providers that are mandating stronger authentication measures for users.
In November, Google Cloud said it will be mandating MFA for sign-on by the end of 2025.
Microsoft announced in August it is mandating MFA for all Azure sign-ins.
Amazon Web Services (AWS) said in 2023 it will require MFA for all privileged accounts starting mid-2024.
Numerous tech companies including X (formerly Twitter) and Google have also made Passkeys available as an authentication option for users.
Image credit: Sundry Photography / Shutterstock.com