What is Multi Factor Authentication - MFA
Beside the Password Policy you should also enable MFA
With MFA, in order to login you must have "password you know + security device you own"
-> if a password is stolen or hacked, the account is not compromised because hacker is not likely also stole your security device
MFA devices options in AWS
- Virtual MFA device
- Google Authenticator
- Authy
- ...
- Universal 2nd Factor (U2F) Security Key
- YubiKey by Yubico (3rd party)
- Hardware Key Fob MFA Device
- Provided by Gemalto (3rd party)
- Hardware Key Fob MFA Device for AWS GovCloud (US)
- Provided by SurePassID (3rd party)