Amazon Web Services (AWS) will expand its mandatory multifactor authentication (MFA) program in 2025 following its success in reducing phishing and enhancing security. Since making MFA compulsory for root users in May 2024, over 750,000 users have activated it, aided by the addition of FIDO2 passkeys. This initiative has mitigated over 99% of password-related attacks, underscoring its effectiveness in safeguarding accounts.
Starting in Spring 2025, AWS will require MFA for member account root users within AWS Organizations, ensuring heightened security across all accounts. Customers will receive advance notifications to facilitate the transition. AWS has also launched centralized root access management, allowing organizations to streamline root account control without relying on long-term credentials, aligning with AWS’s goal to strengthen authentication and simplify account oversight.
Click here to read the entire article on SCMedia