How Do I Bind a Virtual MFA Device?

Multi-factor authentication (MFA) adds an extra layer of protection on top of your username and password. After MFA authentication is enabled, you need to enter verification codes after your username and password are authenticated. MFA, together with your username and password, ensures the security of your account and resources.

MFA devices can be based on hardware or software. However, IAM supports only virtual MFA devices.

A virtual MFA device is an application that generates 6-digit codes in compliance with the Time-Based One-Time Password Algorithm (TOTP). MFA applications can run on mobile devices (including smartphones) and are easy to use.

Prerequisites

You have installed an MFA application (for example, Google Authenticator) on your mobile phone.

Procedure

On the IAM console, choose Security Settings in the navigation pane.
On the Critical Operations tab, click Bind next to Virtual MFA Device.
Set up the MFA application by scanning the QR code or entering the secret key.
- Scan the QR code
  Open the MFA application on your mobile phone, and use the application to scan the QR code displayed on the Bind Virtual MFA Device page. Your account is then added to the application.
- Enter the secret key
  Open the MFA application on your mobile phone, and enter the secret key.
  
  To ensure that you can perform MFA-based verification successfully, confirm that you have enabled the automatic time setup option on your mobile phone.
View the verification code on the MFA application. The code is automatically updated every 30 seconds.
On the Bind Virtual MFA Device page, enter two consecutive verification codes and click OK.