Source URL: https://www.theregister.com/2024/09/16/snowflake_mfa_default/
Source: The Register
Title: Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
Feedly Summary: Now it’s the default for all new accounts
Snowflake continues to push forward in strengthening its users’ cybersecurity posture by making multi-factor authentication the default for all new accounts.…
AI Summary and Description: Yes
Summary: Snowflake is making multi-factor authentication (MFA) the default for new accounts and tightening its password requirements. The changes follow significant data theft incidents and aim to harden user account security, and they show how the industry is responding to data breaches.
Detailed Description:
The content focuses on Snowflake, a cloud-based data-analytics platform, enhancing its security measures in response to previous data breaches. Key points of the announcement include:
– **Mandatory MFA**: Starting October 2024, MFA will be enforced by default for all new human user accounts in Snowflake, which marks a significant shift towards stronger authentication protocols.
– **Background on Data Breaches**:
  – Mandiant conducted an investigation into data thefts affecting Snowflake customers, linking the incidents to a lack of MFA.
  – Specific breaches included Ticketmaster and Santander Bank, where massive amounts of sensitive data were stolen, affecting millions.
– **Improvements in Password Policies**: The minimum password length will increase from 8 to 14 characters, and users will be prohibited from reusing the last five passwords. These changes aim to bolster password security significantly.
– **Long-term Goals**: Snowflake intends to eliminate password-only authentication entirely from its platform in the future (specific timeline not provided), signifying a shift towards utilizing more secure authentication methods.
– **Additional Recommendations**:
  – Users are encouraged to utilize Single Sign-On (SSO) when possible and are advised to consult the company’s white paper on security best practices.
  – For service accounts, using external OAuth for authentication is recommended, and if that’s not feasible, key pair authentication with strict network policies should be enabled.
– **Context of Pressure for Change**: The company faced scrutiny following allegations that the breaches were a result of weaknesses in its security infrastructure, prompting a more robust response.
These initiatives reflect a growing trend within the cloud services industry: prioritizing stronger security measures to combat the increasing prevalence of data breaches. For professionals in security, compliance, and risk management, this case illustrates the importance of proactive security measures and offers a starting point for best practices in cybersecurity strategy.