AWS Identity and Access Management (IAM) best practice is to require all IAM and root users in your account to sign in to the AWS Management Console with multi-factor authentication (MFA). When MFA is enabled, AWS prompts users for their username and password (the first factor – what they know) and also provides an authentication challenge, such as a one-time passcode (OTP), to their MFA device (the second factor – what they have). Now you can enable a YubiKey security key (manufactured by Yubico, a third-party provider) as your users’ MFA device.




