Enable Multi-Factor Authentication in your AWS account

Category: Security

February 28, 2022 by Nick Triantafillou

To keep your AWS accounts secure, AWS recommends configuring multi-factor authentication, or MFA.

MFA adds an extra layer of security to your account because it requires an extra authentication token to login to the account, in addition to your existing username and password. There are multiple token types AWS supports to secure your account: Virtual MFA devices, U2F security keys and hardware MFA devices.

Lets take a look at how to enable MFA on a user account using a virtual MFA device. In this case we'll be using Authy.

We begin in the Identity and Access Management (IAM) Console where we click on the users username.

mfa1

Select the "Security Credentials" tab, and then next to "Assigned MFA device", click on "Manage"

mfa2

As mentioned earlier, we're going to use a Virtual MFA device

mfa3

Now we can either scan the QR code with the Authy app, or click "Show secret key" to show the key, and then we enter in two consecutive MFA codes in the provided boxes.

mfa4

and that's all we have to do! Now when we try to login to our AWS account we'll be prompted for our extra MFA token, which can easily be read from the Authy desktop or mobile app

mfa5

Enabling MFA on your admin accounts is one of your first steps towards properly securing your AWS account, and it’s one of the first things we do when delivering our Security Platform. Want to learn more? Contact us here!