AWS Security Blog

New in October: AWS Security Awareness Training and AWS Multi-factor Authentication available at no cost

You’ve often heard us talk about security being “Job Zero” at Amazon, and today I’m happy to announce two new initiatives that I think will provide quick security wins for customers. The first initiative is the public release of the training we’ve developed and used to ensure our employees are up to date on how to protect themselves and our customers online: our Amazon Security Awareness training. This offering will include videos and online assessments, and the materials use proven neuroscience and adult learning principles to enhance content retention. Education remains a primary tool in addressing security challenges as we’re still seeing low-sophistication phishing techniques and social engineering contribute to the human errors that lead to large incidents. By making better choices in our daily work, we have the ability to foster a world of better security outcomes, so we’ll be releasing these materials, free of charge, in early October 2021.

The second area we felt we could meaningfully contribute to up-leveling internet security is on the authentication front. We know that one of the best defenses against sophisticated adversaries are hardware authentication tokens. As such, we’ve made the decision to offer all qualified AWS account holders access to a free multi-factor authentication (MFA) token. These MFA tokens will be offered at no additional cost. MFA offers layers of protection against malware, phishing, and session hijacking, while also providing the ability to connect with other token-enabled applications, such as popular webmail services. We’ve seen better security results when customers use MFA, so I’m pleased to be able to offer a complimentary hardware token to each qualifying AWS account.

We’ll provide details around both of these offerings as we get closer to October, which is Cybersecurity Awareness Month. For more information, check out Amazon Security Initiatives.

If you have feedback about this post, submit comments in the Comments section below.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.


Stephen Schmidt

Stephen is Vice President and Chief Information Security Officer for AWS. His duties include leading product design, management, and engineering development efforts focused on bringing the competitive, economic, and security benefits of cloud computing to business and government customers. Prior to AWS, he had an extensive career at the Federal Bureau of Investigation, where he served as a senior executive and section chief. He currently holds 11 patents in the field of cloud security architecture. Follow Steve on Twitter