Skip to main content

lacework-global-233

Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts (Manual)

Profile Applicability

• Level 1

Description

Setup multi-factor authentication for Google Cloud Platform accounts.

Rationale

Multi-factor authentication requires more than one mechanism to authenticate a user. This secures user logins from attackers exploiting stolen or weak credentials.

Audit

From Console:

For each Google Cloud Platform project, folder, or organization:

  1. Identify non-service accounts.
  2. Manually verify that multi-factor authentication for each account is set.

Remediation

From Console:

For each Google Cloud Platform project:

  1. Identify non-service accounts.
  2. Setup multi-factor authentication for each account.

References

https://cloud.google.com/solutions/securing-gcp-account-u2f
https://support.google.com/accounts/answer/185839