CData's Snowflake Connectivity is Ready for the Single-Factor Password Authentication Block

Snowflake recently announced that it will block single-factor authentication sign-ins using passwords by November 2025. For many users, multi-factor authentication (MFA) will be mandatory for password sign-ins by April 2025. This follows the previous announcement that, for new Snowflake accounts created after October 2024, MFA will be the default for all password sign-ins. 

While these changes enhance security features and protection levels, users connecting to Snowflake with password authentication via CData products will be unable to connect using password authentication after April 2025. As always, CData is ready for these changes. CData products support various authentication schemes for connecting to Snowflake, including key-pair authentication and OAuth authentication. 

This article provides an overview of the upcoming block on single-factor password authentication for Snowflake and guides alternative authentication methods available in CData products.

Impact of Snowflake's ban of single-factor password authentication

The enforcement of multi-factor authentication (MFA) by Snowflake impacts those users who sign-in using single-factor password authentication. This only applies to CData users using password authentication (by setting the Auth Scheme connection property to "Password"). Users connecting to Snowflake from CData products using key-pair authentication, OAuth authentication, or other single sign-on methods are not affected. 

Deprecation timeline 

• October 2024: Accounts created using Snowflake's 2024_08 bundle (October 2024) or later already require MFA, so password authentication connections from CData products cannot be used. 

• April 2025: Snowflake enables the default authentication policy on all accounts, with MFA enforced on password sign-ins for human users*. MFA is mandatory for password authentication for all human users of Snowflake without a custom authentication policy. CData users without a custom authentication policy in their Snowflake account can no longer use password authentication. 

• August 2025: Enforce MFA on all password-based sign-ins for human users. MFA is mandatory for password authentication for all human users*, even for those with custom authentication policies, so password authentication for these users in CData products will no longer be possible. 

• November 2025: Block sign-in to Snowflake using single-factor authentication with passwords for all users (human or service). Sign-ins to Snowflake using single-factor password authentication will be blocked for all users (human or service*), so password authentication to Snowflake from CData products will no longer be possible for service users as well. 

* - "Human users" are those user objects whose TYPE property is PERSON or NULL, while "service users" are those whose TYPE property is SERVICE or LEGACY_SERVICE.

What should CData users do? 

Users connecting to Snowflake with CData products using password authentication (Auth Scheme set to "Password") can continue to integrate with Snowflake by switching to key-pair authentication, OAuth authentication, or other single sign-on methods. No changes are required from the current version of CData products you are using. 

Below, we provide a brief overview of key-pair and OAuth authentication, which are popular authentication methods for Snowflake, with links to full tutorials for enabling these options in Snowflake and using them in CData products. 

Snowflake key-pair authentication 

Snowflake's "key-pair authentication" is an authentication method using RSA key pairs, which CData products already support. To connect using key-pair authentication from CData products, you need to have the private key of the key pair at hand, and the public key must be assigned to the login user. 

For details on generating a key-pair and setting up connections from CData products, please refer to our knowledge base article: How to Use Key-Pair Authentication with CData Snowflake Drivers.  

Snowflake OAuth authentication 

Snowflake offers an authentication method using the OAuth 2.0 protocol, which is also already supported by CData products. Users will use a Snowflake object called a "Security integration," which facilitates integration between Snowflake and other services. To access Snowflake via OAuth from CData products, you will need OAuth client ID and client secret credentials. 

For details on creating security integrations in Snowflake and connecting via OAuth from CData products, please refer to our knowledge base article: Using OAuth Authentication with CData Snowflake Drivers. 

Authenticate beyond key-pair and OAuth 

CData products support various authentication schemes for Snowflake, including key-pair authentication, OAuth authentication, Okta authentication, Azure AD authentication, PingFederate authentication, and SAML authentication. For more specific information on authentication protocols, refer to the CData Snowflake Documentation. 

CData solutions work come snow or shine 

Thanks to strong partnerships with companies like Snowflake, CData solutions are regularly ready for pending changes made to platforms, services, and their APIs. Download any of our Snowflake solutions to get live access to your Snowflake data from your preferred tools or quickly build data pipelines that incorporate your Snowflake data