_imageBROKER.com_GmbH_&_Co._KG_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
December 11, 2024 at 08:46AM
Snowflake will require all customers to enable multifactor authentication (MFA) by November 2025, following a three-phase policy change. After incidents of attacks on customers, this measure aims to enhance security, with guides available for migration. Failure to comply will result in access being blocked after specified deadlines.
### Meeting Takeaways:
1. **New Authentication Policy**: Snowflake announced a mandatory multifactor authentication (MFA) requirement for all customers by November 2025.
2. **Phased Implementation**: The policy change will be implemented in three phases:
– **Phase 1 (April 2025)**: Human users on accounts without a customized authentication policy must enroll in MFA during their next sign-in.
– **Phase 2 (August 2025)**: MFA will be required for all password-based sign-ins for human users, regardless of custom authentication policies.
– **Phase 3 (Post-August 2025)**: Block all password-based sign-ins using single-factor authentication, including service accounts.
3. **Deadline for Compliance**: Customers need to ensure they are compliant before the November 2025 deadline.
4. **Support Resources**: Snowflake has provided guides to assist organizations in migrating to MFA. A Threat Intelligence scanner package is also available on Snowflake’s Trust Center to identify users without MFA enabled.
5. **Motivation for Policy Change**: The new policy comes in response to a recent spree of attacks on Snowflake customers due to poor security hygiene, with over 165 organizations affected, including Neiman Marcus, Ticketmaster, and AT&T, leading to significant data breaches and extortion attempts.
6. **Action Required**: Customers must take immediate steps to implement the MFA changes to avoid loss of access and enhance account security.