ACCT.05 Require multi-factor authentication to log in
With multi-factor authentication (MFA), users have a device that generates a response to an authentication challenge. Each user's credentials and device-generated response are required to complete the sign-in process. Enable MFA for AWS account access, especially for long-term credentials such as the account root user and IAM users.
To set up MFA for the root user
- Sign in to the AWS Management Console.
- Choose your account name, and then choose Security credentials.
- On the Security credentials page, under Multi-factor authentication (MFA), choose Assign MFA device.
- Follow the steps to configure your MFA device. For more information, see Multi-factor authentication for AWS account root user in the IAM documentation.
To set up MFA in IAM Identity Center
- See Enable MFA in the IAM Identity Center documentation.
To set up MFA for your own IAM user
- Sign in to the IAM console.
- Choose your user name, and then choose Security credentials.
- On the Security credentials tab, under Multi-factor authentication (MFA), choose Assign MFA device.
- Follow the steps to configure your MFA device. For more information, see AWS Multi-Factor Authentication in IAM in the IAM documentation.
To set up MFA for other IAM users
- Sign in to the IAM console.
- In the navigation pane, choose Users.
- Choose the name of the user for whom you want to enable MFA, and then choose the Security credentials tab.
- Under Multi-factor authentication (MFA), choose Assign MFA device.
- Follow the steps to configure the MFA device. For more information, see AWS Multi-Factor Authentication in IAM in the IAM documentation.