
Multi-factor Authentication using IAM


In this blog, you will learn about Multi-Factor Authentication using IAM. Find out how to improve security by requiring more than one proof of identity before anyone can access sensitive systems and information.

What is Multi-factor Authentication

Multi-Factor Authentication, or MFA, is a security feature that asks users to prove their identity in two or more ways before they can access a system, app, or account.

It combines something the user knows (a password), something the user has (a security token or smartphone), and/or something the user is (biometric verification), so that only authorized users can reach private data.

This layered approach makes unauthorized access much less likely, even if one of the authentication factors is lost or stolen.

Note that you can attach up to 8 MFA devices per user.

Steps to implement Multi-factor Authentication using IAM

First, log in to the AWS Management Console.

Next, search for IAM and create a user. You can read our previous blog to see how to do that. As you can see, MFA is currently disabled for this user.

If you don’t know how to create a user in IAM, you can read this blog: https://www.dataspoof.info/post/how-to-create-aws-iam-user-and-assigning-permission/

Click on the temporary_user.

Go to the Security credentials.

Under Security credentials you can see the Multi-factor authentication option. Click on Assign MFA device.

Give your device a name and choose Authenticator app as the MFA device. Install the Google Authenticator app on your Android phone.

There are also different choices for MFA devices.

Passkey or security key: For this you have to pair your Bluetooth device in order to authenticate.

Authenticator app: There are different authenticator apps you can get for your phone, and when you log in to the AWS Management Console, you’ll get an OTP in that app. Many authenticator apps are available, such as Google Authenticator, Microsoft Authenticator and many more.

Hardware TOTP token: TOTP stands for Time-Based One-Time Password. Here the time-based one-time passwords are generated by a physical device. Most of the time, these passwords are used for two-factor authentication (2FA). Most of the time, this kind of OTP is only valid for 30 seconds. Remember that there is a cost associated with this type of token, such as an upfront cost per device. The price can range from $20 to $100. If a token is lost or damaged, there may be additional costs for replacement.

Now scan the QR code using the authenticator app, enter the OTP it generates, and click on Add MFA. The second OTP is generated 30 seconds after the first OTP.

Now you have successfully enabled the MFA.

After that, when you log out and log in again to the AWS Management Console, it will ask you for the OTP generated in your Google Authenticator app. By doing this you are adding an extra level of security to your AWS account.
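
The 30-second codes shown by the authenticator app follow the standard TOTP algorithm (RFC 6238), and computing them by hand shows why the second OTP only appears once the next 30-second window begins. This is an added example, not code from the original post or from AWS; the `verify_consecutive` helper and the sample secret (the RFC 6238 test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # each OTP is valid for one 30-second window
DIGITS = 6          # authenticator apps display 6-digit codes


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32.upper())
    counter = unix_time // STEP_SECONDS          # index of the 30-second window
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_consecutive(secret_b32: str, first: str, second: str,
                       unix_time: int) -> bool:
    """Hypothetical enrollment check: `second` must match the current window
    and `first` the window immediately before it (no clock-drift allowance)."""
    expected_second = totp(secret_b32, unix_time)
    expected_first = totp(secret_b32, unix_time - STEP_SECONDS)
    # compare_digest avoids leaking how many digits matched through timing
    return (hmac.compare_digest(first, expected_first)
            and hmac.compare_digest(second, expected_second))


# Constructed sample secret: the RFC 6238 test key, base32-encoded the way a
# QR code carries it. Never hard-code a real MFA secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    t = 1111111109  # constructed timestamp taken from the RFC 6238 test vectors
    # The code changes only when the window index (time // 30) changes.
    for when in (t, t + 1, t + 2, t + 31):
        print(when, when // STEP_SECONDS, totp(SAMPLE_SECRET, when))
```

The code is derived only from the shared secret and the clock, so the secret behind the QR code must be protected as carefully as a password.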

Conclusion

In conclusion, Multi-Factor Authentication (MFA) is an important security tool that makes it harder for unauthorized people to get in. Using IAM to implement MFA strengthens your defenses and protects private information well.

If you like this blog, you can share it with your friends or colleagues. You can connect with me on social media profiles like LinkedIn, Twitter, and Instagram.