AWS widening scope of MFA programme after early success | Computer Weekly – Easy Method

Explore Something New: AWS widening scope of MFA programme after early success | Computer Weekly Let’s jump right in! We’re diving into some must-see info about AWS widening scope of MFA programme after early success …

AWS widening scope of MFA programme after early success | Computer Weekly – Easy Method

Explore Something New: AWS widening scope of MFA programme after early success | Computer Weekly

Let’s jump right in! We’re diving into some must-see info about AWS widening scope of MFA programme after early success | Computer Weekly.

Amazon Web Services (AWS) is to widen the scope of a mandatory multi-factor authentication (MFA) programme it introduced earlier this year, after seeing strong uptake among customers and a slump in password-related phishing attacks.

The cloud giant made MFA compulsory for management account root users in the AWS Management Console beginning in May 2024, starting with its largest accounts. In June, it added support for FIDO2 passkeys as an MFA method to give users more options, and expanded the original requirement to include root users in standalone accounts, too.

According to AWS principal product manager of account protection Arynn Crow, over 750,000 root users have enabled MFA since April, with customer registration rates more than doubling since the addition of FIDO2 passkeys to the mix. She claimed the policy change had prevented “greater than 99%” of password-related attacks.

“At AWS, we’ve built our services with secure-by-design principles from day one, including features that set a high bar for our customers’ default security posture,” said Crow. “Strong authentication is a foundational component in overall account security, and the use of MFA is one of the simplest and most effective ways to help prevent unauthorised individuals from gaining access to systems or data.”

Based on this early success, AWS will now be expanding MFA requirements to member accounts in AWS organisations from Spring 2025.

“Customers who have not enabled central management of root access will be required to register MFA for their AWS Organizations member account root users in order to access the AWS Management Console,” said Crow.

“As with our previous expansions to management and standalone accounts, we will roll this change out gradually and notify individual customers who are required to take action in advance, to help customers adhere to the new requirements while minimising impact to their day-to-day operations.”

No more passwords anymore

On the back of its early successes with an MFA mandate, Crow said AWS was keen to do more to shore up security for its customers, and had recognised another opportunity to try to eliminate unnecessary passwords for good.

She said that on top of the run-of-the-mill security issues seen with standard passwords, attempting to secure password-based authentication was introducing too much operational overhead for AWS customers, especially those operating at scale or subject to regulatory requirements to rotate their credentials frequently.

As such, AWS has now launched a new capability to centrally manage root access for accounts managed in AWS Organizations, enabling them to cut down on the number of passwords they need to manage while still keeping control over the use of root principals.

Crow explained that customers can now turn on centralised root access with a quick configuration change – either in the identity and access management console or the AWS command line interface – and then remove the long-term credentials of member account root users.

“This will improve the security posture of our customers while simultaneously reducing their operational effort,” she concluded.

Why This Matters

  • Here’s a fun fact: This was brought to you by on 2024-11-18 15:45:00 from ComputerWeekly.com feed.
  • Check out an image: AWS widening scope of MFA programme after early success | Computer Weekly – Easy Method
  • Get the details at www.computerweekly.com

Love this? Don’t miss out on topics like .


Stay Updated: Follow us for more fun stuff! #LatestTrends

Leave a Comment

Index