1.2 Ensure that multi-factor authentication is enabled for all non-service accounts

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Setup multi-factor authentication for Google Cloud Platform accounts.

Rationale:

Multi-factor authentication requires more than one mechanism to authenticate a user. This secures user logins from attackers exploiting stolen or weak credentials.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

For each Google Cloud Platform project:
Step 1: Identify non-service accounts.
Step 2: Setup multi-factor authentication for each account.

Default Value:

By default, multi-factor authentication is not set.

See Also

https://workbench.cisecurity.org/files/3316