Updated on 2022-09-05 GMT+08:00

How Do I Bind a Virtual MFA Device?

Multi-factor authentication (MFA) adds an extra layer of protection on top of your username and password. After you enable MFA-based login authentication, you need to enter a verification code after authenticating your username and password. MFA, together with your username and password, ensures the security of your account and resources.

MFA devices can be based on hardware or software. However, IAM supports only virtual MFA devices.

A virtual MFA device is an application that generates 6-digit codes in compliance with the Time-Based One-Time Password Algorithm (TOTP). MFA applications can run on mobile devices (including smartphones) and are easy to use.

Prerequisites

You have installed an MFA application (for example, Google Authenticator) on your mobile phone.

Procedure

  1. On the IAM console, choose Account Security Settings in the navigation pane.
  2. Click the Account Settings tab, and click Bind next to Virtual MFA Device.
  3. Set up the MFA application by scanning the QR code or entering the secret key.

    • Scan the QR code

      Open the MFA application on your mobile phone, and use the application to scan the QR code displayed on the Bind Virtual MFA Device page. Your account is then added to the application.

    • Enter the secret key
      Open the MFA application on your mobile phone, and enter the secret key.

      To ensure that you can perform MFA-based verification successfully, confirm that you have enabled the automatic time setup option on your mobile phone.

  4. View the verification code on the MFA application. The code is automatically updated every 30 seconds.
  5. On the Bind Virtual MFA Device page, enter two consecutive verification codes and click OK.