Security News > 2024 > June > AWS adds passkeys support, warns root users must enable MFA
As announced last October, the internet company reminds us that 'root' AWS accounts must enable MFA by the end of July 2024.
Passkeys on AWS. FIDO2 passkeys are physical or software-based authentication solutions that leverage public key cryptography to sign a challenge sent by the server used for verifying the authentication attempt.
Amazon says its implementation allows the flexibility of creating syncable software passkeys to add as an MFA method for AWS accounts, unlocking them through Apple Touch ID on the iPhone, Windows Hello on the laptop, and others.
The internet company says those vulnerable to phishing and social engineering attacks should consider using passkeys for accessing AWS consoles but notes that, ultimately, any form of MFA is better than nothing.
Mandatory MFA usage will begin with standalone root account users starting in July 2024, with the rollout impacting a small number of customers initially and gradually expanding over several months to give users a grace period.
Root users of member accounts in AWS organizations and general user accounts will not be immediately required to activate an MFA step, though they're strongly encouraged to do so for optimal security.
News URL
Related news
- AWS is pushing ahead with MFA for privileged accounts. What that means for you ... (source)
- From passwords to passkeys: Enhancing security and user satisfaction (source)
- Google Advanced Protection Program gets passkeys for high-risk users (source)
- Google Adds Passkeys to Advanced Protection Program for High-Risk Users (source)