Multi-Factor Authentication (MFA) on AWS

Multi-Factor Authentication (MFA) is a best practice to enhance security. So what is MFA? MFA is an authentication method in which a user is granted access only after successfully presenting two or more factors (pieces of evidence) to an authentication mechanism. Factor types include:

  • Knowledge – things the user knows (e.g. username and password, PIN, etc.)
  • Possession – things the user has (e.g. Smartphone, badge, etc.)
  • Inherence – things the user is (e.g. Fingerprints, voice, etc.)

A good MFA setup uses at least two factors (two-factor authentication, or 2FA) that belong to two different factor types. For example, when you’re already using a username and password, adding fingerprint authentication is more secure than using a PIN as the second factor, because a PIN and a username and password are in the same factor type.

On AWS, MFA can be enabled and is recommended for all IAM users to improve security. A virtual MFA application, such as Google Authenticator or Microsoft Authenticator installed on the user’s smartphone, is the common and secure way to add another factor on top of username and password. We help our customers set up MFA for IAM users to enhance the overall security and protect production environments.
