Following a major hack that affected 165 companies just before the summer, Snowflake will require MFA for all new accounts starting in October.

Snowflake is pulling the handbrake and requiring all new accounts to set up multi-factor authentication starting in October. This is a logical step after the brand allowed administrators to make MFA optional within an organization in early July.

There’s a big reason why MFA is suddenly a priority at Snowflake. At the end of June, it emerged that at least 165 Snowflake customers had fallen victim to hackers. Technically, the fault for this was not with the Snowflake platform itself. After all, the attackers did not exploit a vulnerability, but were able to log in using stolen and leaked data.

For customers who did not have MFA enabled, this was easy. In the wake of the revelations, Snowflake received some criticism for the way it delivers MFA to users.

With new policies in July, the company removed friction so anyone can enable MFA. Starting in October, MFA will be enabled by default for new accounts.

“As part of our ongoing efforts, we are announcing that MFA will be enforced by default for all human users in every Snowflake account created in October 2024,” said Brad Jones, CISO of Snowflake. “Service users – accounts for Service-to-serviceCommunications – are not subject to this MFA requirement.”