AWS Adds Passkey Support For Enhanced Security, Enforces MFA For Root Users
InfoQ, Monday, July 1st, 2024
AWS has recently announced two new security features. First, passkeys can now be used for multi-factor authentication (MFA) for root and IAM users, providing additional security beyond just a username and password.
Second, AWS now requires MFA for root users, starting with the root user account in an AWS Organization. This requirement will be expanded to other accounts throughout the year.
Sebastien Stormacq, principal developer advocate at AWS, discussed these MFA announcements in a blog post. Stormacq stated that a passkey, used in FIDO2 authentication, is a pair of cryptographic keys created on your device when you sign up for a service or website. The two keys are linked: a public key stored by the service provider, and a private key stored securely on your device (like a security key) or synced across your devices through services like iCloud Keychain, Google accounts, or password managers like 1Password.
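To check an account against the root and IAM user MFA requirements described above, the IAM credential report can be audited offline. The following is an added example, not code from AWS or from the article; the sample report rows, the account ID and the function name `find_missing_mfa` are constructed for illustration.

```python
import csv
import io

# Constructed sample using a subset of the IAM credential report columns.
# A real report comes from `aws iam generate-credential-report` followed by
# `aws iam get-credential-report` (the Content field is base64-encoded CSV).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
"""

ROOT_ROW = "<root_account>"  # name the credential report uses for the root user


def find_missing_mfa(report_csv):
    """Return (root_missing_mfa, sorted list of console users without MFA)."""
    root_seen = False
    root_missing = False
    users_missing = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        has_mfa = row.get("mfa_active", "").strip().lower() == "true"
        if row["user"] == ROOT_ROW:
            # The root user can always sign in to the console, so it is
            # flagged regardless of what password_enabled reports.
            root_seen = True
            root_missing = not has_mfa
            continue
        has_password = row.get("password_enabled", "").strip().lower() == "true"
        # Users without a console password (for example access-key-only
        # service users) do not sign in interactively and are skipped here.
        if has_password and not has_mfa:
            users_missing.append(row["user"])
    if not root_seen:
        # A report without the root row is truncated or not a credential report.
        raise ValueError("credential report has no <root_account> row")
    return root_missing, sorted(users_missing)


if __name__ == "__main__":
    root_missing, users = find_missing_mfa(SAMPLE_REPORT)
    print("root user missing MFA:", root_missing)
    print("console users missing MFA:", ", ".join(users) or "none")
```

The `mfa_active` column only records whether some MFA device is registered; it does not say whether that device is a passkey or another MFA type.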