Snowflake Will Block Single-Factor Password Authentication

[nishimurakaori]

snowflake plans to make MFA authentication mandatory.
It would be helpful if you could also support connection authentication with redash.
Thank you in advance.

https://www.snowflake.com/en/blog/blocking-single-factor-password-authentification/

[Synohara]

I suggest implementing key-pair authentication because implementing MFA in Redash would be challenging, so adding support for key-pair authentication would be a better approach.

[sfc-gh-lleon]

Hi there, Luis from Snowflake.

While Key-pair authentication is an option. For human interactive scenarios, I would encourage Redash team to support OAuth 2.0 Authorization code flow (Snowflake OAuth). In this way, users doesn't have to invest in maintaining individual keys for this integration.

[nishimurakaori]

Thanks for the good ideas.
But we can't use oAuth2.0 in our company for a while.
Please let me know if there is another way.
Thank you in advance.

[markns]

A workaround is to set the Snowflake user to type LEGACY_SERVICE

alter user REDASH_DEV set TYPE = 'LEGACY_SERVICE'

https://docs.snowflake.com/en/sql-reference/sql/create-user#label-user-type-property

I'm not sure yet how long this will be supported by Snowflake. @sfc-gh-lleon do you perhaps have some information about this?

[roki18d]

It seems that users of TYPE = LEGACY_SERVICE will be migrated to TYPE = SERVICE users by November 2025.

https://www.snowflake.com/en/blog/blocking-single-factor-password-authentification/

[roki18d]

As described in this article, I was able to authenticate users with TYPE = SERVICE by building a custom image with a Snowflake data source that supports Key-Pair authentication.

https://zenn.dev/dataheroes/articles/20250411-redash-snowflake-keypair-authn