What is AWS Multi-Factor Authentication?


If you use AWS (Amazon Web Services) to cloud-enable your business, you should be very interested in the security services provided in the AWS Identity and Access Management (IAM) module.

Let’s start with simple interactive access, where you, your administrator, or your developer sign in to the AWS console and update services and code as their role requires.

One simple additional security measure from AWS is MFA (Multi-Factor Authentication).

This basically provides two-factor authentication, based on the classic concept of a secret that you know and a dynamically generated secret that you have.

The secret that you know is usually your password, which is your first line of defense. As we know, passwords are vulnerable and sometimes easy to guess, so they can be compromised.

The secret that you have used to be a hardware device such as a physical secure token; nowadays virtual secure tokens are available as an app that you can install on your mobile device. For AWS, a simple way to get set up is to use the Google Authenticator app, which is free.

If you are interested in more details, here is a link to How to enable MFA devices for AWS?

Once you have paired and enabled the virtual device, signing in to the AWS console requires first your password and then the six-digit authentication code generated by the app. Please note that the time-based one-time authentication code expires after a short period of time. What is neat is that the app keeps updating the code for you; just remember to check for the latest code.

Here is a nice introductory video about Google 2-Step Verification: