Amazon Web Services (AWS) is implementing mandatory multi-factor authentication (MFA) for its most privileged accounts to enhance security. Starting from July, standalone account root users must enable MFA for AWS Management Console access. This move aims to combat increasing credential-based attacks by requiring a second authentication factor beyond the password. Users will have a 30-day grace period to comply. AWS also introduced support for FIDO2 passkeys for easier and more secure authentication.
Link to article: The Register
This is a persistent issue for nearly all companies, whether using or providing services. I applaud AWS’s efforts in this case. For previous clients, I was appalled that a financial vendor (who shall remain nameless) did not provide an acceptable MFA or SSO solution for their products. I successfully built a case and leveraged my client’s resources to pressure the company to make substantial changes in their authentication services. Such situations are far too common and unacceptable, leading to compromises like the recent Snowflake breaches involving single-factor credentials.
Providers need to do more and follow Amazon’s lead in enforcing MFA on root accounts. I’m a big fan of creating flexible yet firm policies regarding vendor engagement and making tools available to my teams to upgrade and implement as easily as possible. This includes building maintenance time into their busy development and implementation timelines.
We offer quick consultations and assessments to address issues like this without disrupting your team’s workflow.
Contact us for more information.
#CloudSecurity #AWS #MFA #CyberSecurity #TechNews #Infosec #Authentication #AWSManagement