Snowflake, a cloud-based data warehousing company, has announced a new authentication policy that mandates multifactor authentication (MFA) for all customers, a change the company frames as part of a wider shift in the cybersecurity landscape. Enforcing MFA on all accounts by November 2025 is a proactive measure aimed at enhancing security and safeguarding customer data against potential threats.
The policy change, which will be implemented in three phases, builds upon Snowflake’s earlier move to enable MFA by default on all new accounts. In a blog post by Snowflake executives Anoosh Saboori and Brad Jones, it was revealed that MFA will become the default for all human users in any Snowflake account created as of October 2024.
The first phase of the policy change, set for April, will require human users on accounts without a customized authentication policy to enroll in MFA the next time they sign into Snowflake. This initial step aims to familiarize users with the new security protocol and ensure a smooth transition towards enhanced authentication measures.
In August, the second phase will come into effect, necessitating MFA for all password-based sign-ins for human users. This requirement will apply universally, irrespective of any custom authentication policy in place on the account, further strengthening the security posture of Snowflake’s customers.
In the final phase of the authentication policy change, Snowflake will block all password-based sign-in attempts that use single-factor authentication. While the first two phases focus primarily on human users, this phase extends to service accounts that use programmatic access, underscoring the comprehensive nature of the security enhancements Snowflake is rolling out.
It is imperative for Snowflake customers to make the requisite changes before the deadline in November. To assist organizations with the migration to MFA, Snowflake has provided detailed guides and resources, including a Threat Intelligence scanner package available on the Snowflake Trust Center. This tool can scan accounts to identify users who have not yet enabled MFA and are therefore at risk of losing access to their accounts.
The urgency of implementing these security measures is underscored by the spate of cyberattacks that targeted Snowflake customers earlier this year. These breaches were attributed to poor security hygiene and the absence of MFA, which left more than 165 organizations vulnerable to malicious actors. Companies such as Neiman Marcus, Ticketmaster, and AT&T were among the victims of these attacks, which resulted in the theft of a substantial amount of customer data and subsequent extortion attempts.
By enforcing MFA across all accounts, Snowflake is taking a proactive stance in safeguarding customer data and fortifying the security of its platform against potential cyber threats. This comprehensive approach to authentication reflects Snowflake’s commitment to prioritizing data security and protecting its customers from evolving cybersecurity challenges.

