添加虚拟MFA或硬件MFA
最后更新于
To enhance the security of your AWS account, adding a virtual Multi-Factor Authentication (MFA) device is a recommended step. With AWS, you can either add a virtual MFA to your root account or to an individual Identity and Access Management (IAM) user. This additional layer of security ensures that your account remains protected against unauthorized access.
Virtual authenticator apps implement the (TOTP) algorithm and support multiple tokens on a single device. Virtual authenticators are supported for IAM users in the and in other AWS Regions. For more information about enabling virtual authenticators, see .
You can install apps for your smartphone from the app store that is specific to your type of smartphone. Some app providers also have web and desktop applications available. See the following table for examples.
Android
iOS
To add a virtual MFA device, see one of the following:
需要首先购买一个硬件MFA,支持FIDO标准的安全密钥security key,或者TOTP token。FIDO Alliance维护了所有支持FIDO2标准的 清单。可以从该网站查询可用的安全密钥。推荐购买yubico的security key:
然后将硬件MFA插到您所使用的电脑上,在控制台中配置,配置步骤如下:
To add a FIDO security key, see one of the following:
To add a hardware MFA device, see one of the following:
Hardware TOTP tokens
Hardware TOTP tokens for the AWS GovCloud (US) Regions
, , , ,
, , , ,
.
Hardware tokens also support the and are provided by Thales, a third-party provider. These tokens are for use exclusively with AWS accounts. For more information, see .
You can purchase these tokens directly from the manufacturers as a or .
Hardware TOTP tokens are compatible with the and are provided by Hypersecu, a third-party provider. These tokens are for use exclusively by IAM users with AWS GovCloud (US) accounts.
You can purchase these tokens directly from the manufacturer as a .