- Home
- »
- AWS Documentation
- »
- IAM
- »
- Ensure MFA is enabled for all IAM users with a console password
MFA is not enabled for all IAM users with a console password
Description
Multi-Factor Authentication (MFA) provides increased security to a user name and password. Users must possess a registered device that emits a time-sensitive key and have knowledge of a credential to authenticate successfully. When a user with MFA enabled signs in to an AWS website, they will be prompted for their user name, password and an authentication code from their AWS MFA device.
We recommend enabling MFA for all IAM users that have accounts with a console password.
Example
The AWS Support Center provides technical support, customer services, and is used for incident notification and response. You should create a dedicated IAM account role to allow authorized users to manage incidents and communicate with the AWS Support Center. This role should have MFA enable