Amazon Web Services is upping the ante on the security front with new and important changes for AWS and Identity and Access Management (IAM) users. In a blog post published earlier this week, the company’s Liam Wadman and Khaled Zaky announced that users can now add more than one multi-factor authentication (MFA) device to AWS account root users and IAM users in their AWS accounts.
Until now, only one MFA device could be associated with a root user or an IAM user. Amazon has now raised that limit to eight, a change which “raises the security bar”, as the authors put it.
To register multiple MFA devices, in any combination of the currently supported MFA types, follow these steps:
- Sign in to the AWS Management Console.
- If setting up for a root user, choose My Security Credentials.
- If setting up for an IAM user, choose Security credentials.
- For Multi-factor authentication (MFA), choose Assign MFA device.
- Select the type of MFA device that you want to use and then choose Next.
Having multiple MFA devices active doesn’t mean they all need to confirm someone’s login session, though. Only one MFA device is needed to sign in to the console, or to create a session through the AWS Command Line Interface (AWS CLI) as that principal, the authors explained.
Furthermore, this upgrade does not require any changes to permissions. Both root and IAM users in the accounts that manage MFA devices today can use their existing IAM permissions to enable extra devices.
The new feature is available now at no additional cost, except for customers operating in AWS GovCloud (US) Regions or the AWS China Regions.
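Because any one registered device is enough to sign in, the practical gain is a backup factor, so it is worth checking which IAM users still have no device or only one. The script below is an added example, not code from AWS or the blog post; the sample inventory is constructed, the finding names are hypothetical, and the serial-number classification is an assumption about how device serials are formatted. The root user is not returned by `list_users` and has to be checked separately.

```python
"""Audit IAM users for MFA redundancy (added example; sample data is constructed)."""

MAX_MFA_DEVICES = 8  # per-user limit stated in the article


def device_type(serial: str) -> str:
    # Assumption: virtual devices and FIDO keys carry ARN serials containing
    # ":mfa/" and ":u2f/"; anything else is treated as a hardware TOTP token.
    if ":mfa/" in serial:
        return "virtual"
    if ":u2f/" in serial:
        return "fido"
    return "hardware-totp"


def audit(inventory: dict) -> dict:
    """Map each user to a finding based on the MFA devices registered."""
    findings = {}
    for user, devices in inventory.items():
        types = sorted({device_type(d["SerialNumber"]) for d in devices})
        if not devices:
            status = "NO_MFA"
        elif len(devices) == 1:
            status = "SINGLE_DEVICE"  # no backup factor if this device is lost
        elif len(devices) > MAX_MFA_DEVICES:
            status = "OVER_LIMIT"     # not expected from AWS; points to bad input
        else:
            status = "OK"
        findings[user] = {"status": status, "count": len(devices), "types": types}
    return findings


def fetch_inventory() -> dict:
    """Build the inventory from a live account (needs boto3 and credentials)."""
    import boto3
    iam = boto3.client("iam")
    inventory = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            inventory[name] = iam.list_mfa_devices(UserName=name)["MFADevices"]
    return inventory


# Constructed sample in the shape of ListMFADevices results (not real accounts).
SAMPLE = {
    "alice": [{"SerialNumber": "arn:aws:iam::111122223333:mfa/alice-phone"},
              {"SerialNumber": "arn:aws:iam::111122223333:u2f/user/alice/key-EXAMPLE"}],
    "bob": [{"SerialNumber": "arn:aws:iam::111122223333:mfa/bob-phone"}],
    "ci-bot": [],
}

if __name__ == "__main__":
    for user, f in audit(SAMPLE).items():
        print(f"{user:8} {f['status']:14} devices={f['count']} types={f['types']}")
```

To run it against a real account, pass `fetch_inventory()` to `audit()` instead of `SAMPLE`.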
Multi-factor authentication is widely considered one of the most important features of a secure account for any online service. This technology complements password managers and has been rolled out across billions of accounts worldwide, including by the biggest service providers – Google, Facebook, Microsoft and more.