MFA Overview
What Is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is a popular method that adds an additional layer of authentication on top of the username and password. If you enable MFA authentication, users need to enter the username and password as well as a verification code before they can log in to the console.
To improve security, you are advised to enable MFA in IAM Identity Center.
Supported MFA Devices
IAM Identity Center supports the following MFA devices:
- Authenticator App
An Authenticator App is a virtual MFA device that can generate 6-digit verification codes in compliance with the Time-based One-time Password Algorithm (TOTP). MFA devices can be hardware- or software-based. Currently, software-based virtual MFA devices are supported. They are application programs running on smart devices such as mobile phones.
- Security key:
A security key is a FIDO2-compatible external hardware authenticator that you can purchase and connect to your device via USB, BLE, or NFC. When you are prompted for MFA, you only need to touch a hardware security key such as YubiKey to verify your identity. The most common security keys (including YubiKey) can create device-bound FIDO credentials.
FIDO2 is a standard based on public key cryptography. It includes CTAP2 and WebAuthn. FIDO credentials have phishing-resistant capabilities because they are unique to the website.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot