Amazon Web Services is set to broaden its mandatory multifactor authentication program in 2025 after observing significant adoption and reduced phishing incidents, Computer Weekly reports.
Following the introduction of compulsory MFA for root users in May 2024, over 750,000 root users have activated MFA, with adoption rates doubling after AWS included FIDO2 passkeys as an authentication option.
This policy has mitigated more than 99% of password-related attacks, demonstrating its effectiveness in enhancing account security.
AWS plans to extend the MFA requirement to member accounts within AWS Organizations starting in Spring 2025. Customers without central management of root access will need to enable MFA for member account root users to maintain console access. AWS will notify affected customers ahead of implementation to ensure a smooth transition.
In addition, AWS has introduced centralized root access management for AWS Organizations accounts, reducing dependency on passwords and minimizing operational overhead. This feature allows customers to eliminate long-term credentials for root users while maintaining control over root account use. AWS emphasized its commitment to improving security through strong authentication and streamlined account management.