Multi-factor authentication and passwords
Edit on GitHubThis document describes the security policies and features used to keep your accounts and environments safe.
Security policy updates
To make Spryker environments safe, we regularly review our security policy and update access requirements. When the policy updates happen, we send email updates to Cloud Maintenance Contracts, informing about the changes and the steps to be taken. The latest email was sent on February 14, 2025.
Password rotation and policy updates
Passwords must be updated every 365 days. If not updated within this period, you may be locked out of your account. If a password expires, on the next login attempt, you’ll be asked to set a new password. As your password is getting closer to the expiration date, you’ll receive warnings prompting you to update your password via the AWS Management Console.
API keys
API keys must be renewed every 365 days. If keys expire, you’ll not be able to interact with the account via API. If that happens, renew keys in the AWS Management Console and use them to access your account via API.
API keys for SES and S3 service accounts are an exception and don’t expire.
MFA
Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide unique authentication in addition to their regular sign-in credentials when accessing AWS services.
MFA must be enabled for all accounts. An account with MFA disabled will not be able to access the AWS Management Console.
SES and S3 service accounts don’t require MFA because they’re accessed using API keys only.
The following sections explain how to set up MFA.
MFA devices
AWS supports the following types of MFA devices:
| MFA DEVICE TYPE | DESCRIPTION |
|---|---|
| FIDO security keys | Hardware security keys certified by the FIDO Alliance. They use public key cryptography for strong, phishing-resistant authentication. |
| Virtual MFA devices | Authenticator apps for smartphones and other devices. They emulate physical MFA devices and use the time-based one-time password (TOTP) algorithm. |
| Hardware TOTP tokens | Physical tokens that generate TOTP codes. |
Set up MFA
For security and auditing purposes, you can only add MFA. If you need to update or remove MFA, create a Password Reset Change Request and specify the necessary details.
- In the AWS Management Console, go to Services>IAM. This opens the IAM Dashboard page.
- On the dashboard click Add MFA
- On the Select MFA device, enter a Device name.
- Select the needed MFA device.
- Click Next and follow the wizard to set up the device.
Once MFA is activated, you’ll need to provide this factor every time you log into AWS.
Thank you!
For submitting the form