AWS Plans Multifactor Authentication Mandates for 2024

Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time.

Dark Reading Staff, Dark Reading

October 4, 2023

1 Min Read
AWS Cloud Services
Source: Dzianis Hill via Alamy Stock Photo

Amazon Web Services announced that starting mid-2024, root users of an AWS Organization account will be required to use multifactor authentication (MFA) to log in.

AWS will continue to expand MFA requirements to include users with lower access privileges, Amazon's Steve Schmidt added in a blog post this week.

MFA options for AWS login will include FIDO security keys, a virtual authenticator application, or hardware-generated time-based, one-time password (TOTP) tokens, Amazon's MFA guide said. The cloud provider also set up an MFA key portal where customers can request a free security key.

"We recommend that everyone adopts some form of MFA, and additionally encourage customers to consider choosing forms of MFA that are phishing-resistant, such as security keys," Schmidt wrote in the post.

Last July, AWS cloud environments were targeted by sprawling, credential-stealing and cryptomining cyberattacks, which later spread to Azure and Google Cloud environments.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights