The centralization provided by AWS is great — all your web services are in one place with one bill. But if your account is compromised (and you don’t have proper permissioning / IAM) things can go very bad very quickly. So you’re going to want to lock down access to accounts as thoroughly as possible, which means multi-factor authentication of user logins.
And yes, that’s mutli-factor (MFA), not two-factor. Two-factor authentication (TFA or 2FA) is great, but when additional security levels are possible and they can be done almost seamlessly, they make total sense. With the loss of SMS authentication at the end on January 2019 it’s debatable whether Amazon will have multi-factor (as in more than two) or two-factor authentication but we’ll avoid the semantics from this point forward and use the term that seems best in a given scenario.
Sal September 26th, 2018
Posted In: AWS
Tags: Authentication, IAM, Universal 2nd Factor