Updated on 2025-05-22 GMT+08:00

SEC02-01 Account Protection

An account, which is the highest-privileged user in the Huawei Cloud tenant account system, has the highest permissions on the entire cloud environment. If an account is attacked or leaked, serious security problems and data leakage may occur. Therefore, it is vital to protect the account for the security of identity authentication.

  • Risk level

    High

  • Key strategies
    • Strong passwords: Use strong passwords to protect accounts. The password should be long and complex enough, and consist of digits, letters, and special characters.
    • MFA: Enable MFA to enhance account security. MFA requires additional identity authentication beyond just passwords, improving account security.
    • Limited routine operations: Create an IAM user and use it for routine management, rather than using accounts directly. Accounts should be used only for key operations, such as creating IAM users or modifying permissions.
    • Using temporary credentials and rotating them periodically: Periodically change the password of the account and update the MFA device to reduce the risk of the credentials being guessed or embezzled.
    • Enabling audit logs: Enable audit logs to monitor account activities. This can help you detect abnormal behaviors and take measures in a timely manner.
    • Multi-account management: You need to specify an account as the main account (enterprise master account), and use this account to add member accounts (enterprise member accounts). The security of main account is prior to that of member accounts.
  • Related cloud services and tools