Posted On: Nov 16, 2022

AWS Identity and Access Management (IAM) now supports multiple multi-factor authentication (MFA) devices for root account users and IAM users in your AWS accounts. This provides additional flexibility and resiliency in your security strategy by enabling more than one authentication device per user. You can choose from one or more types of hardware and virtual devices supported by IAM.

MFA is one of IAM’s leading security best practices to provide an additional layer of security to your account, and we recommend that you enable MFA for all accounts and users in your environments. Now it is possible to add up to eight MFA devices per user, including FIDO security keys, software time-based one-time password (TOTP) with virtual authenticator applications, or hardware TOTP tokens. Configuring more than one device provides flexibility if a device is lost or broken, or when managing access for geographically diverse teams. 

This feature is available now in all AWS Regions, except the AWS GovCloud (US) Regions, the AWS China (Beijing) Region, operated by Sinnet, and the AWS (Ningxia) Region, operated by NWCD. To learn more about using multiple MFA devices in AWS, get started by visiting the launch blog post and the MFA documentation.