Set up multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide a second form of authentication in addition to their regular sign-in credentials when accessing AWS services. This page lists the supported MFA device types and the steps to set up MFA.

MFA devices

AWS supports the following types of MFA devices:

| MFA device type | Description |
| --- | --- |
| FIDO security keys | Hardware security keys certified by the FIDO Alliance. They use public key cryptography for strong, phishing-resistant authentication. |
| Virtual MFA devices | Authenticator apps for smartphones and other devices. They emulate physical MFA devices and use the time-based one-time password (TOTP) algorithm. |
| Hardware TOTP tokens | Physical tokens that generate TOTP codes. |

Set up MFA

Changing and removing MFA

For security and auditing purposes, you can only add MFA. If you need to update or remove MFA, create a Password Reset Change Request and specify the necessary details.

  1. In the AWS Management Console, go to Services > IAM. This opens the IAM Dashboard page.
  2. In the navigation pane, click Users.
  3. In the Users list, click on the user you want to set up MFA for.
  4. On the user’s page, click the Security credentials tab.
  5. In the Multi-factor authentication (MFA) pane, click Assign MFA device.
  6. On the Select MFA device page, enter a Device name.
  7. Select the MFA device type you need.

  8. Click Next and follow the wizard to set up the device.

Once MFA is activated, you’ll need to provide this factor every time you log into AWS.