AWS customers will be required to use MFA to log into their AWS Management Console starting mid-2024 in a move designed to strengthen the security posture of AWS.
The decision was focused on strengthening the default security posture of AWS customers’ environments, beginning with the most privileged users in their accounts.
Beginning in mid-2024, customers signing into the AWS Management Console with the root user of an AWS Organizations management account will be required to enable MFA to proceed, Customers who must enable MFA will be notified of the upcoming change through multiple channels, including a prompt when they sign into the console.
The MFA requirement will not stop at AWS Management Console. AWS plans to expand the requirement for MFA to additional scenarios, including standalone accounts, those outside an organization in AWS organizations, also eventually being required to use MFA as well.
Many companies and accounts require MFA to log in, but where the AWS news is different is that it will be compulsory starting next year. For AWS customers that don’t want to wait to be forced to use MFA, Schmidt notes, the option is available now.
You can visit our AWS Identity and Access Management user guide to learn how to enable MFA on AWS now, and eligible customers can request a free security key through our ordering portal, We recommend that everyone adopts some form of MFA and additionally encourage customers to consider choosing forms of MFA that are phishing-resistant, such as security keys.