The page also links to this OTP fob (effective but annoying) and this OTP card, but YubiKey seems to the preferred route moving forward. Other hardware devices ( Trezor, self-signed attestation, etc.) are not yet supported for MFA usage. YubiKeys can be used for multiple accounts where in a one-time password (OPT) in an auth app you need to have a new entry for each login.Īmazon links their MFA page to this specific Yubico security key (affiliate link) which sells for $40. Hardware security devices like the YubiKey are useful for multiple devices, don’t require an app, have native support in all popular browsers, and now have an excellent track record of security success.
This was a long-awaited announcement, as multiple companies (most notably Google) have come to recognized the effectiveness of what’s known as U2F (Universal 2nd Factor) authentication. On SeptemAmazon announced YubiKey support for AWS.
This might be obvious given the limitations of those interfaces, but it’s worth mentioning since those are important ways people interact with their AWS account! YubiKey and U2F on AWS Important Note: Keep in mind that MFA is supported by the AWS console, but not by the CLI or API. We’ll run quickly through the options and then talk about how to setup your multi-factor auth. If you don’t need any explanation hop on down to it for some quick answers to your security questions. You can see it all in the chart placed at the bottom of this article (it’s big). It outlines much of what you’ll want to know. With the loss of SMS authentication at the end on January 2019 it’s debatable whether Amazon will have multi-factor (as in more than two) or two-factor authentication but we’ll avoid the semantics from this point forward and use the term that seems best in a given scenario.ĪWS’ multi-factory authentication home is here. Two-factor authentication (TFA or 2FA) is great, but when additional security levels are possible and they can be done almost seamlessly, they make total sense. So you’re going to want to lock down access to accounts as thoroughly as possible, which means multi-factor authentication of user logins.Īnd yes, that’s mutli-factor (MFA), not two-factor. But if your account is compromised (and you don’t have proper permissioning / IAM) things can go very bad very quickly. The centralization provided by AWS is great - all your web services are in one place with one bill.
0 kommentar(er)
