Wednesday, February 8, 2023

AWS MULTI-FACTOR AUTHENTICATION (MFA)






MFA adds an extra layer of security to your credentials, verifies the user's identity, and reduces the risk of phishing attacks.

TWO-FACTOR AUTHENTICATION (2FA): This is authentication that requires two separate forms of identification, for example a password and a one-time code sent via SMS.

HOW DOES MFA WORK?

MFA can be activated using a key fob device that generates codes, or an app on your phone. For the phone option, download the application called GOOGLE AUTHENTICATOR.

The steps below walk you through the AWS console to set up multi-factor authentication.

STEP 1:

Log in to your console as a user, click on your account ID, and select Security Credentials.



STEP 2:

Click assign MFA



STEP 3:

Select MFA device name



STEP 5:

Set up the device with the QR code, which transfers information to the MFA application. Get the codes from the authenticator app activated on your phone and fill in MFA code 1 and MFA code 2; you never use the same code twice. The code times out in about 25 seconds. Codes are specific to each user.




STEP 7:

Add MFA 


STEP 9: 

Test the MFA setup to ensure it is working as expected. You've successfully secured your account. Happy Learning! 😊
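
Why Step 5 asks for two codes and why a code is never used twice, as an added example (not AWS's code and not from the original post). Authenticator apps such as Google Authenticator generate time-based one-time passwords (RFC 6238); the Verifier class is a hypothetical server side, and the 30-second step and 6-digit length are the RFC defaults, assumed here.

```python
import hashlib
import hmac
import struct

STEP = 30   # seconds each code is valid for (RFC 6238 default, assumed here)
DIGITS = 6  # code length shown by typical authenticator apps (assumed)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then truncate."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _match(secret: bytes, counter: int, code: str) -> bool:
    # Constant-time comparison against the expected code for one time step.
    return hmac.compare_digest(totp(secret, counter * STEP).encode(), code.encode())

class Verifier:
    """Hypothetical server side for one enrolled device."""

    def __init__(self, secret: bytes):
        self.secret = secret    # shared secret carried by the QR code
        self.last_counter = -1  # highest time step already accepted

    def enroll(self, code1: str, code2: str, now: int) -> bool:
        """MFA code 1 and MFA code 2 must come from consecutive time steps."""
        base = now // STEP
        for first in (base - 1, base - 2):  # code 2 is current or just expired
            if _match(self.secret, first, code1) and _match(self.secret, first + 1, code2):
                self.last_counter = first + 1
                return True
        return False

    def login(self, code: str, now: int) -> bool:
        """Accept the current or previous step's code, never the same step twice."""
        base = now // STEP
        for counter in (base, base - 1):
            if counter > self.last_counter and _match(self.secret, counter, code):
                self.last_counter = counter
                return True
        return False
```

Requiring two consecutive codes proves the phone holds the secret and that its clock agrees with the server; tracking the last accepted time step is what makes a captured code useless on replay.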


Below are common questions asked when setting up MFA:

SHOULD I DEACTIVATE THE DEVICE?

People often lose their phones, and deactivating multi-factor authentication can then become challenging. You can run the command below programmatically to deactivate the device. If someone steals your device, they will not be able to log in to your account unless they also have access to your password.

aws iam deactivate-mfa-device --user-name <IAM user name> --serial-number <serial number of MFA device>


WHAT IF THE MFA DEVICE IS LOST OR BROKEN?

In a work environment, people lose their MFA device or it becomes unavailable. If you initially set up multiple MFA devices, you can log in with a backup MFA device. You can also contact the cloud services provider (AWS/Microsoft) to assist you in resetting your MFA.


TIPS:

The following points are a reminder of how MULTI-FACTOR AUTHENTICATION works and why it is important.

FACTORS: Factors are the different pieces of evidence used to prove identity when entering an account. More factors mean more security and make it harder to fake entry.

KNOWLEDGE: This is something you know, like your password and username.

POSSESSION: This is something you have, like a bank PIN, an MFA device, an app, or a token.

INHERENT: Inherent traits are used to authenticate in different ways, for example voice, fingerprint, or face scan.


CLOUD PROVIDERS THAT SUPPORT MULTI-FACTOR AUTHENTICATION

Amazon Web Services 

Amazon Single Sign-on 

Microsoft Azure

Google Cloud

Dropbox and so on 

However, some other cloud vendors may have their own security requirements and prefer to adopt some other layer of security instead of MFA.


HOW DO YOU INTEGRATE MFA IN AN EXISTING AUTHENTICATION SYSTEM?

  • Evaluate whether the current system supports MFA methods, for example biometrics, push notifications, or SMS.

  • Choose an MFA method for the authentication system by adding third-party software.

  • Integrate MFA into the system and test it to ensure it works as expected and meets the security standard.

  • Enable users
  • Monitor if the authentication works


I do not own the rights to these images. This is to guide beginners on how to secure their accounts as a best practice.

Reference: https://docs.aws.amazon.com/

 


