Dive Brief:
- Snowflake will block and no longer allow customers to access their Snowflake environments using single-factor authentication passwords by November 2025, the company said earlier this month.
- The policy change will take effect in phases, impacting sign-ins for account containers, user objects, human users and service users over an eight-month period starting in April 2025. Snowflake declined to answer questions about customer multifactor authentication adoption or how many customers currently access their environments with single-factor authentication.
- “Our goal is to help drive the improvement of our customers’ security posture by providing strong authentication options and ultimately sunsetting the legacy authentication methods — raising the bar for the industry,” Snowflake CISO Brad Jones said Monday via email.
Dive Insight:
Snowflake’s password-policy change will kick off one year after a wave of attacks hit more than 100 Snowflake customer environments that were not configured with MFA.
The widely recommended security control, a central tenet of the Cybersecurity and Infrastructure Security…
