Enforcing Multi-Factor Authentication (MFA) has been approved by Snowflake, following the conclusion of their recent data breach investigations.

Snowflake has introduced measures to help existing users implement multi-factor authentication (MFA), three months after a security breach affecting over a hundred customer databases. However, the company does not mandate MFA usage.

Enforcing Multi-Factor Authentication (MFA) becomes a mandatory action for admins following the closure of breach investigations on the Snowflake platform.

Snowflake, the data warehousing platform, has announced a new security policy requiring mandatory multi-factor authentication (MFA) for all human users accessing customer accounts starting November 2025 [1][4]. This move aims to improve the overall security posture of Snowflake customer environments by reducing the risks associated with password-only authentication.

The decision comes after a series of attacks targeting more than 100 Snowflake customer environments, which led the company to complete investigations with CrowdStrike and Mandiant [3]. During these attacks, an unauthorized individual gained access to Snowflake demo accounts from April 17 to May 24, 20XX. These demo accounts were not associated with any production, corporate, or customer Snowflake environments, and were not protected with MFA or single sign-on [2].

In response, Snowflake has taken several measures to mitigate the risks. The company stood up the Snowflake Trust Center, a platform that will help administrators enforce MFA and check their account against security benchmarks, and that will provide visibility into users' adherence to security policies [1]. Additionally, Snowflake introduced scanners on Tuesday to detect overprivileged entities, determine MFA compliance, and identify other potential security risks in its customers' environments [1].

For existing Snowflake customer accounts, administrators still have the option to opt out of MFA. However, users that log into Snowflake without MFA will be prompted to enable the security control and guided through configuration steps. For new customer accounts, MFA will be enabled by default [1].

Snowflake's Chief Information Security Officer (CISO), Brad Jones, has emphasised that administrators will have the flexibility to set MFA policies at the user level or systemwide [1]. He also stated that the attacks are likely part of ongoing industry-wide, identity-based attacks with the intent to obtain customer data [3].

The MFA policy rollout reflects the challenges technology vendors confront in instituting sweeping changes to a widely used platform. Snowflake encourages organisations to evaluate their authentication strategy, with smaller businesses often benefiting from direct MFA implementation and larger enterprises possibly adopting Single Sign-On (SSO) integrated with MFA as a long-term solution [2].

This move reflects Snowflake’s strategic emphasis on stronger authentication to safeguard sensitive data and ensure uninterrupted access to its platform [1][4]. The former employee's account was disabled on May 24, and Snowflake's most recent quarter ended on April 30 with 9,822 customers [2][4].

[1] Snowflake Blog Post: [Link to the blog post]

[2] Snowflake Press Release: [Link to the press release]

[3] Mandiant Investigation Findings: [Link to the report]

[4] CrowdStrike Investigation Findings: [Link to the report]

  1. Snowflake's new security policy, which requires mandatory multi-factor authentication (MFA) for all human users accessing customer accounts, aims to improve the overall security posture by reducing risks associated with password-only authentication.
  2. The need for MFA was highlighted following a series of attacks on Snowflake customer environments, where an unauthorized individual gained access to Snowflake demo accounts from April 17 to May 24, 20XX, which were not protected with MFA.
  3. In response to these attacks, Snowflake introduced scanners to detect overprivileged entities, determine MFA compliance, and identify other potential security risks in its customers' environments.
  4. Recognizing the challenges technology vendors face in implementing sweeping changes, Snowflake encourages organizations to evaluate their authentication strategy, with smaller businesses potentially benefiting from direct MFA implementation and larger enterprises adopting Single Sign-On (SSO) integrated with MFA as a long-term solution.
