
High-security MFA requirements are the top priority for AWS in 2024

Users familiar with AWS are no strangers to Multi-Factor Authentication (MFA), which is essential for account security. With MFA enabled, a sign-in must also be confirmed through a device bound to the identity as an MFA device, which adds an extra layer of security and significantly reduces the possibility of unauthorized access to accounts and data. Starting from mid-2024, AWS is expected to gradually notify account users through various channels that MFA will be mandatory for all accounts. The requirement will begin with the most privileged account users, such as the Root User managing accounts through AWS Organizations, who will be required to enable MFA when logging into the AWS Management Console.

AWS phased MFA requirement plan

In addition to requiring the Root User managing accounts through AWS Organizations to enable MFA, AWS also plans to expand the scope of the MFA requirement in 2024 to include standalone accounts (accounts outside of AWS Organizations).

AWS began promoting its MFA plan three years ago:

Autumn 2021 → Provided eligible AWS account users in the United States with free MFA security keys

November 2022 → Introduced support for registering up to 8 MFA devices for Root Users and IAM Users

Starting mid-2024 → Gradually expanding the scope of MFA requirements, starting from the most privileged account users

Although AWS will initially require the Root User managing accounts through AWS Organizations to enable MFA in 2024, AWS strongly recommends that every AWS account user enable some form of MFA starting today. MFA can be enabled for any type of account user, whether the Root User or the various types of IAM Users in the environment. Root Users can enable MFA in the Management Console, while IAM Users can enable MFA in the AWS IAM Identity Center. Multiple MFA options, such as security keys and authentication apps, can be enabled simultaneously. Detailed MFA procedures can be found in the AWS Identity and Access Management user guide.
 


Source: AWS Official Security Blog, "Secure by Design: AWS to enhance MFA requirements in 2024"

https://aws.amazon.com/tw/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/