Snowflake implements MFA by default along with 14-character passwords

The enhanced default security measures come after a series of high-profile third-party hacks.

Cloud data storage company Snowflake has announced the launch of multi-factor authentication (MFA) by default on its platform after the company made headlines earlier this year due to multiple data breaches of its customers.

The company is also introducing a new password policy that will require customers to use passwords of at least 14 characters.

Snowflake passwords previously had a minimum length of eight characters, and although Snowflake had introduced the ability for administrators to enforce MFA in July, it was still only an opt-in feature.

“Snowflake has always been committed to helping customers protect their accounts and data. To further our commitment to protecting against cybersecurity threats and championing the advancement of industry security standards, Snowflake recently signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure By Design Pledge,” Snowflake said in a September 13 blog post.

“In line with CISA’s Secure By Design principles, we recently announced a number of security enhancements to the platform, notably the general availability of Trust Center and a new multi-factor authentication (MFA) policy. As part of our ongoing efforts, we are announcing that MFA will be applied by default for all human users on any Snowflake account created in October 2024.”

Mandiant security researchers discovered a coordinated campaign against Snowflake customers in June 2024, with at least 165 organizations without MFA enabled exposed to potential compromise.

At the time, Snowflake said the source of the compromise was likely stolen credentials.

“This appears to be a campaign targeting users with single-factor authentication,” Snowflake said in June. “As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through data-stealing malware.

“We found evidence that a threat actor obtained personal credentials and accessed demo accounts belonging to a former Snowflake employee.”

AT&T, Live Nation and US retailer Neiman Marcus were among the many victims of the campaign.
