A new security layer for Amazon Web Services (AWS) users will require customers to use multi-factor authentications.
In a blog post published Oct. 3, Amazon Chief Security Officer Steve Schmidt wrote that users accessing the AWS Management Console would have to use the process to log on “beginning in mid-2024.”
“Customers signing in to the AWS Management Console with the root user of an AWS Organizations management account will be required to enable MFA to proceed,” Schmidt wrote. “Customers who must enable MFA will be notified of the upcoming change through multiple channels, including a prompt when they sign in to the console.”
Users can enable MFA now, Schmidt said, by reviewing the AWS Identity and Access Management (IAM) user guide. He added that Amazon has offered AWS users a free MFA security key and the option to connect up to eight devices for multi-factor authentication.
“We recommend that everyone adopts some form of MFA, and additionally encourage customers to consider choosing forms of MFA that are phishing-resistant, such as security keys,” Schmidt wrote. “While the requirement to enable MFA for root users of Organizations management accounts is coming in 2024, we strongly encourage our customers to get started today by enabling MFA.”
The move is part of a push by Amazon to secure customer information as AWS and cloud services in general continue to dominate the data management sector. AWS partner Sentinel Technologies’ national director of enterprise architecture and innovation Michael Soule told CRN that AWS is well set up for MFA implementation, given that it’s been proactive in getting users ready for the change.
“This certainly shows a security-first mindset,” Soule said. “Use of MFA on emergency access accounts has been challenging given their shared nature.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.