Google Cloud has announced a major update to its account security measures. Beginning in July 2025, users will be required to re-enter their password or complete multi-factor authentication (MFA) before making critical administrative changes to cloud resources. This new step is aimed at protecting sensitive settings such as Identity and Access Management (IAM) policies and billing configurations.
The changes will affect users accessing the Google Cloud Console through Google Cloud Identity. Specifically, re-authentication will be triggered for actions like modifying IAM policies at the organization, folder, or project level, and making adjustments to billing assignments. Programmatic access and external identities using Single Sign-On or Workforce Identity pools will not be subject to these additional requirements, and service accounts remain unaffected.
According to Google, this added layer of protection is intended to ensure that only authorized users can make potentially disruptive changes within enterprise cloud environments. The company stated that no user action is required in preparation for the update, as the changes will be automatically implemented in July.
The update comes as part of Google Cloud’s ongoing commitment to enhance security and protect customers from unauthorized access, misconfigurations, and insider threats. A full guide to the upcoming changes is available through Google Cloud’s support resources, offering detailed explanations of the new authentication flow.
Bd-pratidin English/ Jisan
