Ensure that Multi-Factor Authentication (also known as 2-Step Verification or 2SV) is enabled for all user accounts in order to help protect the access to your Google Cloud Platform (GCP) resources, applications and data. MFA/2SV provides an additional layer of security on top of existing user account credentials (i.e. email address and password). By requiring more than one mechanism to authenticate a user, MFA/2SV protects the user login from attackers exploiting stolen or weak credentials. Google provides several verification methods such as mobile device push notifications, hardware security keys, Google Authenticator codes, text messages or phone call verification.
When Multi-Factor Authentication/2-Step Verification is enabled, the user will have to present a minimum of two separate forms of authorization before its access is granted. Having an MFA/2SV-protected user account represents an efficient way to safeguard your Google Cloud Platform (GCP) resources against malicious actors as attackers would have to compromise at least two different authentication methods in order to gain access, and this reduces significantly the risk of attack.
To determine if MFA/2SV is enabled for GCP user accounts, perform the following actions:Note: Getting the 2-Step Verification feature status using GCP Command Line Interface (CLI) is not currently supported.
Remediation / Resolution
To enable Multi-Factor Authentication (MFA) for your Google Cloud Platform (GCP) user accounts, perform the following actions:Note: Enabling Multi-Factor Authentication feature for GCP user accounts using Command Line Interface (CLI) is not currently supported.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Enable Multi-Factor Authentication for User Accounts
Risk level: High