AWS adds Passkeys support, makes 2FA mandatory for root accounts
Amazon Web Services (AWS) is upping its security measures. AWS is launching support for FIDO2 Passkeys as a method for multi-factor authentication (MFA). And as of next month, root users of standalone accounts will be required to use two-factor authentication (2FA).
FIDO2 Passkeys are a relatively new authentication method to log in to your online accounts. Instead of using the traditional username and password combination, Passkeys rely on your device to protect your accounts. In order to sign in, you’ll have to use your mobile phone’s facial recognition, fingerprint sensor or PIN code, or Windows Hello if you’re on a PC.
Passkeys are based on WebAuthn, which is short for Web Authentication. That means two keys are created in order to authenticate a user’s identity: a public key, which is stored by the website where your account is, and a private key, which resides on your device. When you sign in, your device uses the private key to sign a challenge from the website, and the website checks that signature against the stored public key. If the check succeeds, your identity is verified and you’ll gain access to your online account.
One of the advantages of Passkeys is that they are resistant to phishing and man-in-the-middle attacks. They are also syncable, support multiple devices and operating systems, and provide strong authentication.
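The sketch below is an added example, not code from AWS or the FIDO Alliance. It is a simplified WebAuthn-style sign-in check in Node.js, showing how the signed origin and challenge make a passkey response useless on a look-alike site or when replayed. The origins, function names and result labels are constructed for illustration, and real WebAuthn details such as CBOR encoding, signature counters and attestation are left out.

```javascript
// Added example: simplified WebAuthn-style assertion check (constructed names and origins).
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device creates the key pair; the site stores only publicKey.
function register() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: sign the site's challenge together with the origin the browser is on.
function signAssertion(privateKey, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) | flags (0x05: user present + verified) | counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Site side: check challenge, origin and RP ID before trusting the signature.
function verifyAssertion(publicKey, expected, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expected.origin) return 'bad-origin';
  const rpIdHash = a.authenticatorData.subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(expected.rpId))) return 'bad-rp-id';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const site = { origin: 'https://console.example.test', rpId: 'console.example.test' };
  const { publicKey, privateKey } = register();
  const expected = { ...site, challenge: crypto.randomBytes(32) };
  const good = signAssertion(privateKey, expected.challenge, site.origin, site.rpId);
  // Same key and challenge, but produced while the browser was on a look-alike origin.
  const lookalike = signAssertion(privateKey, expected.challenge,
    'https://console.example.invalid', 'console.example.invalid');
  const altered = { ...good, authenticatorData: Buffer.from(good.authenticatorData) };
  altered.authenticatorData[32] = 0x01; // data changed after signing
  return {
    legitimate: verifyAssertion(publicKey, expected, good),
    lookalike: verifyAssertion(publicKey, expected, lookalike),
    replayed: verifyAssertion(publicKey, { ...site, challenge: crypto.randomBytes(32) }, good),
    altered: verifyAssertion(publicKey, expected, altered),
  };
}
console.log(demo());
```

Only the response produced on the genuine origin, for the current challenge and with unmodified data, verifies; the private key never leaves the device in any of the four cases.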
Balance between usability and strong security
“As a member company of the FIDO Alliance, we continue to work with FIDO to support the evolution and growth of strong authentication technologies, and are excited to enable this new experience for FIDO technology that provides a good balance between usability and strong security,” Amazon says in a blog post.
The tech company stresses that anyone vulnerable to phishing and social engineering should consider MFA. Migrating to syncable Passkeys should depend on an organization’s uses and requirements. According to Amazon, Passkeys provide “the highest level of security assurance” for customers.
Mandatory MFA usage will start in July with AWS Organizations root users of standalone accounts when signing in to the AWS Management Console. We’re talking about employees with the highest level of access to a company’s AWS account.
This change will start with a small number of customers and gradually increase over the next few months. It does not apply to the root users of member accounts and general users in AWS Organizations. They are, however, encouraged to opt for optimal online security.
The MFA requirement is expected to go into effect for other user categories as well. Details on these plans will be shared later this year. “Meanwhile, we strongly encourage you to adopt some form of MFA anywhere you’re signing in today, and especially phishing-resistant MFA, which we’re excited to enhance with FIDO2 Passkeys,” Amazon concludes.