Enterprise Software

Amazon Web services launches two-factor authentication

For organizations considering a migration to cloud technologies, protecting the cloud account is of critical importance. In this TechRepublic blog post, IT pro Rick Vanover describes this new feature for the Amazon cloud services.

Protecting the management account for cloud services can be one of the most critical security points of a cloud-based solution. Arguably, the account is more important than instance and operating system security for cloud workloads. Amazon Web services (AWS) has recently introduced a new feature, Amazon Web services multi-factor authentication (AWS-MFA), to allow more secure account access.

With AWS-MFA enabled on an AWS account, access to the services are now required to use two-factor authentication. The first factor is the standard e-mail address and password for the AWS account, and the second factor is a six-digit code displayed on a token device. The token device currently available for AWS integration is a Gemalto device. The six-digit code is time expired and is placed with the standard AWS credentials for access to account functions. Figure A shows a Gemalto token device: Figure A

Figure A

Click image to enlarge.

AWS account holders can choose to enable the token device, and once they do, their account is presented with the second authentication factor. Figure B shows this in use: Figure B

http://b2b.cbsimg.net/gallery/339818-354-339.jpg

In typical AWS fashion, enabling the AWS-MFA feature is very easy for the account and quite affordable. The Gemalto token device is available for $12.99, including shipping for U.S. addresses. Further, there is no additional costs or pricing required to use the device once it is enabled on the AWS account. Many of the interface documents for AWS services have been updated near this feature's releases, as well as other new features such as the Amazon Virtual Private Cloud (Amazon VPC).

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

4 comments
wittai
wittai

it is amazing how a great venture like AWS goes back in time to dig out the etoken as its solution for strong authentication. Unless you are already a workaholic I wonder why would you add another device to your pocket? Do we really need dedicated physical devices as our indetifiers? read more in http://www.otenti.biz/blog/dowereallywanttogiveupouridentiry

charleswdavis6670
charleswdavis6670

I have been using a similar token (branded Citi) for a couple of years to access our bank account.

b4real
b4real

Please note, it is optional for the account. But an out-of-band (from username/password) options is a security plus.

b4real
b4real

Two-factor, or other out-of-band authentication is critical to access resources securely. This is just a small step forward for these technologies as they mature. But to your point, definitely not super new or ground breaking.

Editor's Picks