Setting Up MFA Using Hardware Devices

Setting up MFA with a hardware device is similar to setting up a virtual authenticator application, with the following differences:

  • Get a hardware MFA device: To enable MFA using a hardware device, you must first obtain one.
  • FIDO Security Keys: FIDO-certified security keys can be ordered for free from the AWS console by US-based customers. Other users can buy a key such as a Yubico key themselves. The process of adding a key to an account is:
    • Log in to the AWS Management Console and, in the navigation bar in the upper right corner, select the account to which you wish to add the security key. From the drop-down shown below, choose the option Security credentials.
    • This takes you to the IAM global console, where you can manage the overall security of your account.

    • Next, in the AWS IAM console, scroll down to see your MFA devices listed. Click on the Assign MFA device option.

    • Enter a suitable name for your device and choose the Security Key option from the list, as shown below. Then click Next.

    (Screenshot: the "Enter a name" field)

    • Next, connect the device to your computer and tap it. This configures your security key for use with AWS. The next time you log in to your AWS account, you will need to use your security key.

  • Hardware TOTP Tokens: To add one of these devices for MFA, follow these steps:
    • Log in to the AWS Management Console and, in the navigation bar in the upper right corner, select the account to which you wish to add the token.
    • From the drop-down shown below, choose the option Security credentials.
    • This takes you to the IAM global console, where you can manage the overall security of your account.

    • Next, in the AWS IAM console, scroll down to see your MFA devices listed. Click on the Assign MFA device option.

    • Enter a suitable name for your device and choose the Security Keys option from the list, as shown below. Then click Next.

    • After clicking Next, you are taken to a new page where you must enter the serial number of your hardware device, which is printed on its back.
    • Fill in the serial number in the designated field. Start the device; it shows a six-digit MFA code. Enter it in the first field and wait 30 seconds.
    • A new MFA code appears. Enter it in the second field and click the Add MFA button.
    • This adds the TOTP hardware device to the account. Refer to the screenshot below.
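To show why the enrollment above asks for two codes 30 seconds apart (and why a later resync uses the same check), here is an added Python example, not AWS's own code or part of the original article, that generates RFC 6238 codes the way a hardware token does and verifies the two-code enrollment while tolerating clock drift; the seed, timestamps and the drift window of 5 steps are constructed assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # RFC 6238 time step; AWS hardware TOTP tokens display a new code every 30 s


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{number % (10 ** digits):0{digits}d}"


def totp(seed: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second step (the code the token shows)."""
    return hotp(seed, unix_time // STEP)


def verify_two_codes(seed: bytes, code1: str, code2: str, server_time: int,
                     max_drift_steps: int = 5):
    """
    Enrollment / resync check for a hardware TOTP token (illustrative, not AWS's code).
    server_time is the server clock when code1 was submitted; code2 is the code from
    the token's next 30-second step. Only two codes from adjacent steps are accepted,
    and the token's clock may be up to max_drift_steps steps ahead of or behind the
    server. Returns the token's clock offset in steps (0 = in sync), or None if rejected.
    """
    base = server_time // STEP
    for drift in range(-max_drift_steps, max_drift_steps + 1):
        first = base + drift
        if hotp(seed, first) == code1 and hotp(seed, first + 1) == code2:
            return drift
    return None


# Constructed seed. For a real token the seed is provisioned by the vendor and the
# service looks it up from the serial number entered on the enrollment page.
CONSTRUCTED_SEED = b"constructed-hardware-token-seed"


def demo_enrollment(token_offset_steps: int = 0, server_time: int = 1_700_000_000):
    """Simulate enrolling a token whose clock is token_offset_steps steps off the server's."""
    token_time = server_time + token_offset_steps * STEP
    code1 = totp(CONSTRUCTED_SEED, token_time)         # user types this first
    code2 = totp(CONSTRUCTED_SEED, token_time + STEP)  # waits 30 s, then types this
    return verify_two_codes(CONSTRUCTED_SEED, code1, code2, server_time)
```

A token that has drifted beyond the window is rejected even though its codes are internally consistent, which is the "out of sync" failure that a resync with two fresh consecutive codes repairs.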

How To Implement MFA For AWS Account

MFA stands for Multi-Factor Authentication. In AWS it acts as a second layer of security protecting AWS accounts: even if someone knows your password, they cannot access your account because they do not have your physical device. This is what MFA aims to achieve, and it is a highly recommended security standard in organizations everywhere. Every account in AWS can have up to 8 security keys. In this article, we will look at how to implement MFA in an AWS account.
