Amazon Web Services raises the bar on security with new and important changes for AWS and Identity and Access Management (IAM) users. The company’s Liam Wadman and Khaled Zaky announced the changes in a blog post published earlier this week, announcing that users can now add more than one multi-factor authentication (MFA) device to AWS account root users and IAM users to their AWS accounts.
Until now, only one MFA endpoint could be associated with root users or IAM users, but now Amazon has brought it up to eight, a change that “raises the security bar,” as the authors put it.
To register multiple MFA devices, in any combination of the currently supported MFA types, here are the steps:
- Sign in to the AWS admin console
- If you are setting up for a root user, choose My Security Credentials.
- If you are setting up for an IAM user, choose Security Credentials.
- For Multi-factor authentication (MFA), choose Assign MFA device.
- Select the type of MFA device you want to use and choose Next.
However, having multiple MFA devices doesn’t mean they all have to confirm someone’s login session. Only one MFA device is needed to log into the console or create a session through the AWS Command Line Interface (AWS CLI) as that client, the authors explained.
In addition, this upgrade does not warrant permission changes. Both root and IAM users in the accounts that currently manage MFA devices can use their existing IAM permissions to enable additional devices.
With the exception of customers operating in AWS GovCloud (US) regions or AWS China regions, the new feature is available now with no additional usage fees.
Multi-factor authentication is widely regarded as one of the most important features of a secure account for all online services. This technology complements password managers and has been rolled out to billions of accounts around the world, including the largest service providers – Google, Facebook, Microsoft and more.