Secure by Design: AWS to enhance MFA requirements in 2024

Safety is our prime precedence at Amazon Net Providers (AWS). To that finish, I’m excited to share that AWS is additional strengthening the default safety posture of our clients’ environments by requiring using multi-factor authentication (MFA), starting with essentially the most privileged customers of their accounts. MFA is likely one of the easiest and handiest methods to boost account safety, providing a further layer of safety to assist stop unauthorized people from having access to techniques or knowledge.

Starting in mid-2024, clients signing in to the AWS Administration Console with the basis person of an AWS Organizations administration account will likely be required to allow MFA to proceed. Clients who should allow MFA will likely be notified of the upcoming change by means of a number of channels, together with a immediate after they register to the console.

We’ll increase this program all through 2024 to further eventualities resembling standalone accounts (these exterior a corporation in AWS Organizations) as we launch options that make MFA even simpler to undertake and handle at scale. That mentioned, there’s no want to attend for 2024 to reap the benefits of the advantages of MFA. You may go to our AWS Id and Entry Administration (IAM) person information to learn to allow MFA on AWS now, and eligible clients can request a free safety key by means of our ordering portal.

Verifying that essentially the most privileged customers in AWS are protected with MFA is simply the newest step in our dedication to repeatedly improve the safety posture of AWS clients. To assist extra clients get began on their MFA journey, in fall 2021, we started providing a free MFA safety key to eligible AWS account house owners in the USA. And in November 2022, we launched assist for purchasers to register as much as eight MFA gadgets per account root person or per IAM person in AWS, creating further flexibility and resiliency to your MFA technique.

We advocate that everybody adopts some type of MFA, and moreover encourage clients to contemplate selecting types of MFA which might be phishing-resistant, resembling safety keys. Whereas the requirement to allow MFA for root customers of Organizations administration accounts is coming in 2024, we strongly encourage our clients to get began right this moment by enabling MFA not just for their root customers, however for all person varieties of their environments. For instance, you possibly can allow a number of MFA choices, together with passkeys and authenticator apps, for AWS IAM Id Middle. You may go to our AWS IAM Id Middle MFA person information to study extra.

 When you’ve got suggestions about this submit, submit feedback within the Feedback part beneath. When you’ve got questions on this submit, contact AWS Help.

Need extra AWS Safety information? Comply with us on Twitter.

Steve Schmidt

Having joined Amazon in February 2008, Steve is the present chief safety officer for Amazon. He leads the knowledge safety, bodily safety, safety engineering, and regulatory program groups. From 2010 to 2022, Steve was the chief data safety officer for Amazon Net Providers (AWS). Previous to becoming a member of Amazon, Steve had an in depth profession on the FBI, the place he served as a senior govt. His tasks there included a time period as performing chief know-how officer, overseeing growth and operation of technical assortment and evaluation, and because the part chief overseeing the FBI Cyber Division parts answerable for laptop and community intrusion technical investigation.