
Multi-factor authentication becomes mandatory in AWS

    Multi-factor authentication (MFA) is already mandatory at Google. Amazon Web Services is now following suit and also wants to make MFA mandatory for customers. The aim is to improve the security of data and customer accounts. Implementation is planned for mid-2024, with the obligation initially applying to all users with administrator rights.

    Multi-factor authentication in AWS

    It is already possible to protect your account in AWS using multi-factor authentication. This makes sense in any case. The classic password alone is hardly an obstacle to cyberattacks. However, MFA is not yet mandatory for AWS.

    According to Amazon, this is set to change in mid-2024 when AWS introduces mandatory multi-factor authentication for user accounts. Initially, this MFA obligation will affect root accounts - i.e. all accounts of users with administrator rights.

    Further customer accounts are to be converted to multi-factor authentication by the end of 2024. Amazon will inform users in good time about the changeover as soon as the relevant accounts are affected.

    The aim of the MFA obligation is to increase security for the accounts and data of AWS customers. It is not yet clear which options AWS will provide for implementing multi-factor authentication. What seems certain is that the existing MFA options will remain in place. It remains to be seen whether AWS will add further options by mid-2024.

    Currently, MFA at AWS runs via an identity provider or AWS Identity and Access Management (IAM). The following options are available for MFA:

    - FIDO security key: A hardware key that is connected to the end device via USB to prove the identity of the user via multi-factor authentication.

    - Virtual authentication apps: Authentication takes place via a mobile device such as a smartphone on which the app is installed. This usually involves the "Time-Based One-Time Password" (TOTP) method, in which a one-time password completes multi-factor authentication within a few seconds. The password changes every few seconds so that unauthorized persons cannot intercept and use it.

    - Hardware TOTP token: Like the apps, but in hardware form. For example, as a key fob or display card device that generates and displays the unique authentication code.

    Implementing the obligation for multi-factor authentication with skill it

    Multi-factor authentication is already mandatory with other providers. In a way, AWS is late with its push towards greater security for customer accounts.

    Google introduced the MFA obligation back in December 2021. The US software provider Salesforce followed suit in February 2022.

    In May 2022, Microsoft pointed out that MFA offers more security for accounts and data in order to encourage its own customers to set up multi-factor authentication. However, MFA is not yet mandatory for Microsoft services.

    You don't have to wait until mid-2024 to implement multi-factor authentication in AWS. The options have long been available and are just waiting for you to use them now on a voluntary basis.
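
    To see where MFA is still missing before the obligation takes effect, the following added example (not part of the original post and not AWS code) reads an IAM credential report in CSV form and reports the root user first, then users with a console password, mirroring the rollout order described above. The sample report, account ID and user names are constructed; the function name `audit_mfa` and the result keys are assumptions of this example.

```python
import csv
import io

# Constructed sample: only the credential-report columns this check reads
# (a real report has more columns). Account ID and user names are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
"""

ROOT_ROW = "<root_account>"  # name the report uses for the root user
REQUIRED = {"user", "password_enabled", "mfa_active"}


def audit_mfa(report_csv):
    """Classify credential-report rows by MFA status, root user first."""
    reader = csv.DictReader(io.StringIO(report_csv))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"not a credential report, missing: {sorted(missing)}")

    result = {
        "root_without_mfa": None,         # None = no root row was found
        "console_users_without_mfa": [],  # can sign in with a password only
        "no_console_password": [],        # access keys only, no console sign-in
    }
    for row in reader:
        has_mfa = row["mfa_active"].strip().lower() == "true"
        if row["user"] == ROOT_ROW:
            result["root_without_mfa"] = not has_mfa
        elif row["password_enabled"].strip().lower() != "true":
            result["no_console_password"].append(row["user"])
        elif not has_mfa:
            result["console_users_without_mfa"].append(row["user"])
    return result


if __name__ == "__main__":
    findings = audit_mfa(SAMPLE_REPORT)
    if findings["root_without_mfa"]:
        print("root user has no MFA device")
    for name in findings["console_users_without_mfa"]:
        print(f"console user {name} has no MFA device")
```

    Users without a console password are listed separately because they do not sign in with a password at all; their access keys need their own review.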

    In our Security Engineering on AWS training, we show you how to set up MFA in AWS. In addition, in this three-day course you will gain insights into the security options of AWS, use different applications within AWS and complete practical exercises on data security.

    The target group for this training is people in the field of cyber security or data analytics who are already familiar with AWS. The course prepares you to obtain the "AWS Certified Security - Specialty" certificate.

    Author
    Kia Figge
    As the founder of Textflamme, Kia has been writing for companies from all industries for over 10 years. She has written texts for countless websites and blogs and feels at home in the field of information technology.