Security News > 2023 > October > Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024
Amazon will require all privileged AWS accounts to use multi-factor authentication for stronger protection against account hijacks leading to data breaches, starting in mid-2024.
Amazon has been offering free MFA security keys for eligible AWS customers in the United States since 2021 and added more flexible MFA options on the platform in November 2022, allowing the registration of up to 8 MFA devices per account.
"Beginning in mid-2024, customers signing in to the AWS Management Console with the root user of an AWS Organizations management account will be required to enable MFA to proceed," reads Amazon's announcement.
Amazon has also said that this requirement will be expanded to additional accounts and use-case scenarios as they release new features that will make MFA adoption and management at scale easier.
Finally, Amazon recommends that customers pick phishing-resistant MFA technologies like security keys, although MFA authentication apps also work.
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA. Amazon AWS distances itself from Moq amid data collection controversy.