Updated on 2023-11-23 GMT+08:00

MFA Authentication

What Is MFA Authentication?

MFA authentication provides an additional layer of protection on top of the username and password. If you enable MFA authentication, users need to enter the username and password as well as a verification code before they can log in to the console.

MFA authentication can also be enabled to verify a user's identity before the user is allowed to perform critical operations.

MFA Authentication Methods

MFA authentication can be performed through SMS, email, and virtual MFA device.

Application Scenarios

MFA authentication is suitable for login protection and critical operation protection. If MFA authentication is enabled, the setting takes effect for both the management console and REST APIs.

  • Login protection: When you or an IAM under your account logs in to the console, you and the user need to enter a verification code in addition to the username and password.
  • Operation protection: When you or an IAM under your account attempts to perform a critical operation, such as deleting an ECS resource, you and the user need to enter a verification code to proceed.

For more information about login protection and critical operation protection, see Critical Operation Protection.