Amazon Web Services is upping the ante on the security front with significant new changes to AWS And the Identity and access management Users (IAM). Announcing the changes in a blog post published earlier this week, Liam Wadman and Khaled Zaki said that users can now add more than one. Multi-factor authentication (MFA) for root users of their AWS account and IAM users of their AWS accounts.
Until now, only one MFA endpoint could be associated with root users or IAM users, but now Amazon has raised the number to eight, a change that “raises security,” the authors said.
To enroll multiple MFA devices, into any combination of the currently supported MFA types, these are the steps:
- Sign in to the AWS Management Console
- If set up for a root user, choose My security credentials.
- If setup for an IAM user, choose Security Credentials.
- For multi-factor authentication (MFA), choose Map MFA Device.
- Select the type of MFA device you want to use and then choose Next.
Having multiple active MFAs does not mean that they need to confirm someone’s login session. Only one MFA device is needed to log into the console, or to create a session through the AWS Command Line Interface (AWS CLI) as explained by the authors.
Moreover, this upgrade does not guarantee any permission changes. Both root and IAM users on accounts managing MFA devices today can use existing IAM permissions to enable additional devices.
Except for customers operating in AWS GovCloud Regions (US), or AWS China Regions, the new feature is now available, at no additional cost to use.
Multi-factor authentication is widely considered one of the most important secure account features for any online services. This technology complements Password manager And it’s published across billions of accounts all over the world including the biggest service providers – Google, Facebook, Microsoft and more.