AWS Plans Multifactor Authentication Mandates for 2024AWS Plans Multifactor Authentication Mandates for 2024
Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time.
October 4, 2023
Amazon Web Services announced that starting mid-2024, root users of an AWS Organization account will be required to use multifactor authentication (MFA) to log in.
AWS will continue to expand MFA requirements to include users with lower access privileges, Amazon's Steve Schmidt added in a blog post this week.
MFA options for AWS login will include FIDO security keys, a virtual authenticator application, or hardware-generated time-based, one-time password (TOTP) tokens, Amazon's MFA guide said. The cloud provider also set up an MFA key portal where customers can request a free security key.
"We recommend that everyone adopts some form of MFA, and additionally encourage customers to consider choosing forms of MFA that are phishing-resistant, such as security keys," Schmidt wrote in the post.
Last July, AWS cloud environments were targeted by sprawling, credential-stealing and cryptomining cyberattacks, which later spread to Azure and Google Cloud environments.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023