Amazon Web Services is upping the ante on the security front with important new changes for AWS and Identity and Access Management (IAM) users. In a blog post published earlier this week, the company's Liam Wadman and Khaled Zaky announced that users can now add more than one multi-factor authentication (MFA) device to AWS account root users and to IAM users in their AWS accounts.
Until now, there could only be one MFA endpoint associated with root users or IAM users, but now Amazon has increased that to eight, a change that "raises the bar for security," as the authors say.
To register multiple MFA devices, in any combination of currently supported MFA types, here are the steps:
- Sign in to the AWS Management Console.
- If you are configuring for a root user, select My security credentials.
- If you are configuring for an IAM user, choose Security credentials.
- For multi-factor authentication (MFA), choose Assign MFA device.
- Select the type of MFA device you want to use, then choose Next.
Available today
However, having multiple MFA devices active doesn't mean that they all need to confirm someone's login session. Only one MFA device is needed to log in to the console or create a session via the AWS command line interface (AWS CLI) as a principal, the authors explained.
Additionally, this update does not come with any changes to permissions. Root users and IAM users who manage MFA devices in their accounts can use their existing IAM permissions to activate additional devices today.
Except for customers operating in the AWS GovCloud (US) Regions or AWS China Regions, the new feature is now available at no additional cost.
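Because only one registered device is needed to sign in, a second device serves mainly as a backup, so it is worth checking which IAM users still have none or just one. The script below is an added example, not code from AWS or from the blog post; it assumes boto3 and credentials allowed to call `iam:ListUsers` and `iam:ListMFADevices`, and the finding labels are made up for illustration.

```python
"""Audit how many MFA devices each IAM user has registered (added example)."""
MAX_MFA_DEVICES = 8  # per-user limit stated in the article


def classify(device_count):
    """Map a device count to a finding label (labels are illustrative)."""
    if device_count == 0:
        return "NO_MFA"          # sign-in is protected by the password alone
    if device_count == 1:
        return "SINGLE_DEVICE"   # no backup if the device is lost or broken
    if device_count < MAX_MFA_DEVICES:
        return "HAS_BACKUP"
    return "AT_LIMIT"            # a device must be removed before adding another


def audit_mfa(iam):
    """Return {user_name: (device_count, finding)} for every IAM user.

    `iam` is a boto3 IAM client, or any object exposing the same
    get_paginator() interface.
    """
    report = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            count = 0
            pages = iam.get_paginator("list_mfa_devices").paginate(UserName=name)
            for mfa_page in pages:
                count += len(mfa_page["MFADevices"])
            report[name] = (count, classify(count))
    return report


if __name__ == "__main__":
    import boto3  # imported here so the functions above work without it

    results = audit_mfa(boto3.client("iam"))
    for name, (count, finding) in sorted(results.items()):
        print(f"{name:<32} {count} device(s)  {finding}")
```

The root user is not an IAM user and does not appear in this listing, so its MFA devices have to be checked separately.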
Multi-factor authentication is widely considered one of the most important features of a secure account for all online services. This technology complements password managers and has been deployed to billions of accounts around the world, including the largest service providers: Google, Facebook, Microsoft, and many more.