+1 vote
in AWS Access Management by
If I enable AWS MFA for my AWS root account or my IAM users, do they always have to use MFA to sign in to the AWS Management Console?

1 Answer

0 votes
by

Yes. The AWS root credential user and IAM users must have their MFA device with them any time they need to sign in to any AWS website.

If your MFA device is lost, damaged, stolen, or not working, you can sign in using alternative factors of authentication, deactivate the MFA device, and activate a new device. As a security best practice, we recommend that you change your root account's password.

If your IAM users lose or damage their MFA device, or if it is stolen or stops working, you can disable AWS MFA yourself by using the IAM console or the AWS CLI.

Related questions

+1 vote
asked Oct 24, 2021 in AWS Access Management by Robin
+1 vote
asked Oct 24, 2021 in AWS Access Management by Robin
...