Security News > 2023 > October > Amazon: AWS root accounts must have MFA enabled
Amazon wants to make it more difficult for attackers to compromise Amazon Web Services root accounts, by requiring those account holders to enable multi-factor authentication.
The root account holder is the first identity created when creating an AWS account and the most privileged user, as it has access to all AWS services and resources in the account.
The requirement to enable MFA for the root user of an AWS Organizations management account will kick in by mid-2024.
Some account holders can get a free MFA security key from Amazon.
AWS customers can register up to eight MFA devices per account root user or per IAM user in AWS, Amazon Chief Security Officer Steve Schmidt pointed out.
"While the requirement to enable MFA for root users of Organizations management accounts is coming in 2024, we strongly encourage our customers to get started today by enabling MFA not only for their root users, but for all user types in their environments," he added.