Starting April 21, 2026, the Google Ads API will request multi-factor authentication to safeguard Google Ads accounts by making access significantly more secure against unauthorized entries. This will be required alongside a password for all users generating new OAuth 2.0 refresh tokens.
The MFA requirement will affect any applications using the user authentication workflow, while service account workflows will remain unaffected.
Affected users will be prompted to enable 2-step verification if not already activated.
For more details on this security update, visit the official announcement: Multi-factor Authentication Requirement for the Google Ads API.