AWS has announced that it will be implementing mandatory multifactor authentication (MFA) for signing in to AWS accounts by the end of this year. This move comes as part of AWS’s efforts to enhance security measures and protect user accounts from unauthorized access.
Currently, AWS only requires MFA for ‘management account’ root users of AWS Organizations, which is a service that manages multiple AWS accounts. However, starting in July 2024, root users of standalone accounts will also be required to use MFA when signing in to the AWS Management Console. AWS will gradually roll out this change to ensure a smooth transition for customers.
To help users adapt to the new MFA requirement, AWS will provide a grace period for enabling MFA, with reminders displayed at sign-in. This will give users the opportunity to set up MFA before it becomes mandatory for all accounts.
In addition to enforcing MFA for standalone accounts, AWS also plans to introduce new features to help customers manage MFA for a larger number of users, including member accounts in AWS Organizations. These features are expected to be launched later this year, further enhancing the security of AWS accounts.
One of the key developments in AWS’s MFA implementation is the support for FIDO2 passkeys. FIDO2 is a passwordless authentication method that adds an extra layer of security to user accounts. Passkeys are considered more secure than traditional MFA methods, as they are based on public key cryptography.
Passkeys are designed to be phishing-resistant, making them a secure authentication option for AWS users. By generating a private-public key pair on the user’s device, passkeys ensure that only the authorized user can access their account. This eliminates the risk of theft, phishing, or interception of authentication codes.
Moreover, passkeys are syncable across devices and operating systems, allowing users to access their accounts securely from any device. This flexibility in authentication methods enhances user convenience while maintaining a high level of security for AWS accounts.
AWS encourages users to adopt passkeys as their MFA method, as they offer a seamless and secure authentication experience. By leveraging existing security mechanisms such as fingerprint or facial recognition, users can easily set up passkeys for signing in to the AWS console.
Overall, AWS’s implementation of mandatory MFA and support for FIDO2 passkeys aim to strengthen account security and protect user data from potential threats. These measures reflect AWS’s commitment to providing a secure and reliable cloud platform for its customers.