NEWS BRIEF
Snowflake has introduced a brand new authentication coverage that may require all clients to enable multifactor authentication (MFA) on their accounts by November 2025 or threat having their entry blocked.
The three-phase coverage change comes after Snowflake’s current determination to allow MFA by default on all new accounts.
“MFA will likely be enforced by default for all human customers in any Snowflake account created as of October 2024,” Snowflake’s Anoosh Saboori and Brad Jones wrote back in September.
Within the first part, deliberate for April, human customers on accounts with out a personalized authentication coverage will likely be required to enroll in MFA the following time they signal into Snowflake.
The second part, in August, would require MFA for all password-based sign-ins for human customers. This requirement will apply no matter any customized authentication coverage in place on the account.
Within the ultimate part, Snowflake will block all password-based sign-in makes an attempt utilizing single-factor authentication. Whereas the earlier two phases targeted on human customers, this part can even apply to service accounts utilizing programmatic entry.
Snowflake clients should make the mandatory modifications earlier than November. Snowflake has created guides to assist organizations with the migration. There may be additionally a Menace Intelligence scanner bundle obtainable on Snowflake’s Belief Heart that may scan accounts to determine customers who would not have MFA enabled and are vulnerable to shedding entry.
The spree of assaults targeting Snowflake customers earlier this 12 months was a results of poor hygiene and the shortage of MFA. Greater than 165 organizations had been impacted, reminiscent of Neiman Marcus, Ticketmaster, and AT&T. A big quantity of buyer knowledge has been stolen, and several other victims had been hit with subsequent extortion makes an attempt.
Source link