Deprecate username/password authentication

[ReubenFrankel]

Snowflake will block single-factor password authentication by November 2025: https://www.snowflake.com/en/blog/blocking-single-factor-password-authentification

Our phased approach will entail three stages:

1. April 2025: Enable for all accounts the default authentication policy, with MFA enforced on password sign-ins for human users. In this phase, all human users in accounts without a custom authentication policy will be required to enroll in MFA upon their next password-based sign-in to Snowflake. If an account already has a custom authentication policy at the time of this rollout, human users will not see a difference in their sign-in experience. At this time, we will also block access to Snowsight for LEGACY_SERVICE users.
2. August 2025: Enforce MFA on all password-based sign-ins for human users. In this phase, even if the customer has a custom authentication policy already defined, all human users will be required to use MFA when signing in with passwords.
3. November 2025: Block sign-in to Snowflake using single-factor authentication with passwords for all users (human or service). In this phase, LEGACY_SERVICE is deprecated and all LEGACY_SERVICE users will be migrated to SERVICE users.

[edgarrmondragon]

Thanks for logging and sharing the link @ReubenFrankel!