AWS Plans Multifactor Authentication Mandates for 2024
Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time.
Amazon Web Services announced that starting mid-2024, root users of an AWS Organization account will be required to use multifactor authentication (MFA) to log in.
AWS will continue to expand MFA requirements to include users with lower access privileges, Amazon's Steve Schmidt added in a blog post this week.
MFA options for AWS login will include FIDO security keys, a virtual authenticator application, or hardware-generated time-based, one-time password (TOTP) tokens, Amazon's MFA guide said. The cloud provider also set up an MFA key portal where customers can request a free security key.
"We recommend that everyone adopts some form of MFA, and additionally encourage customers to consider choosing forms of MFA that are phishing-resistant, such as security keys," Schmidt wrote in the post.
Last July, AWS cloud environments were targeted by sprawling, credential-stealing and cryptomining cyberattacks, which later spread to Azure and Google Cloud environments.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024