#AWSreInforce: FIDO2 MFA Pushed out to Users

Passkeys added to authentication process.

AWS has announced support for FIDO2 passkeys to ensure multi-factor authentication (MFA) is used.

In an announcement made today at the re:Invent conference in Philadelphia, AWS said that, as it expands its MFA capabilities, support for FIDO2 passkeys as an MFA method is being launched “to help customers align with their MFA requirements and enhance their default security posture,” according to Arynn Crow, senior manager of user authentication products for AWS Identity.

Acknowledging that customers already use passkeys on billions of computers and mobile devices across the globe, using only a security mechanism such as a fingerprint, facial scan, or PIN built in to their device, Crow said that same passkey can be used as your MFA method as you sign in to the AWS console across multiple devices.

Specifically, a passkey is a pair of cryptographic keys generated on your client device when you register for a service or a website. The key pair is bound to the web service domain and unique for each one.
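The domain binding described above is what a relying party checks on every sign-in. The following is an added example, not AWS code or part of the original article: it covers only the WebAuthn origin, RP ID hash, challenge and user-presence checks, leaves out signature verification, and uses a constructed RP ID, origin and sample assertion.

```python
import base64
import hashlib
import json

RP_ID = "console.example.test"            # constructed relying-party ID
ORIGIN = "https://console.example.test"   # constructed expected origin


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_binding(client_data_json: bytes, auth_data: bytes, challenge: bytes,
                  rp_id: str = RP_ID, origin: str = ORIGIN) -> list[str]:
    """Return the names of failed domain-binding checks (empty list = pass)."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(challenge):
        failures.append("challenge")
    # The browser, not the page, records the origin it was actually talking to.
    if client.get("origin") != origin:
        failures.append("origin")
    if len(auth_data) < 37:  # 32-byte rpIdHash + 1 flags byte + 4-byte counter
        return failures + ["authenticator data too short"]
    # First 32 bytes: SHA-256 of the RP ID the credential is scoped to.
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rpIdHash")
    if not auth_data[32] & 0x01:  # bit 0 of the flags byte = user present
        failures.append("user presence")
    return failures


def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of the two structures a sign-in returns."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    flags = bytes([0x05])  # user present + user verified
    auth = hashlib.sha256(rp_id.encode()).digest() + flags + (7).to_bytes(4, "big")
    return client, auth


if __name__ == "__main__":
    chal = b"\x01" * 32
    print(check_binding(*sample_assertion(ORIGIN, RP_ID, chal), chal))
    lookalike = sample_assertion("https://console-example.test",
                                 "console-example.test", chal)
    print(check_binding(*lookalike, chal))
```

An assertion produced for a look-alike domain fails both the origin and RP ID hash checks, which is why a passkey response cannot be reused against the genuine service.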

Rather than replacing the password, the passkey adds a second authentication factor, providing something you have in addition to something you know.

AWS CISO Chris Betz said: “AWS customers can now use the built-in authenticators on their phones and laptops to add cryptographically phishing-resistant credentials to their side of the experience.”

Last year, AWS IAM announced the general availability of support for FIDO2 security keys in the AWS GovCloud (US-East and US-West) Regions. Also in October 2023, AWS announced it would begin requiring MFA for the most privileged users in an AWS account.

Also announced this week, as part of a series of new launches, was the enforcement of MFA for root users when signing in to the AWS Management Console.


Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
