June 12, 2024 at 03:43PM
AWS has launched FIDO2 passkeys for multi-factor authentication, boosting account security. These passkeys use public key cryptography and resist phishing attacks. Amazon encourages users to adopt MFA, planning to make it mandatory for root account users by July 2024. The company is committed to enhancing MFA adoption via CISA’s Secure by Design pledge.
Key Takeaways from the Meeting Notes:
1. Introduction of FIDO2 Passkeys:
– AWS has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability.
– FIDO2 passkeys are physical or software-based authentication solutions that leverage public key cryptography to sign a challenge sent by the server, providing resistance to phishing and man-in-the-middle attacks.
2. Implementation Details:
– Amazon’s implementation of FIDO2 passkeys gives users the flexibility to create syncable software passkeys and add them as an MFA method for AWS accounts. These passkeys can be unlocked through Apple Touch ID on an iPhone, Windows Hello on a laptop, and other similar authentication methods.
3. Push for MFA Adoption:
– Mandatory MFA usage, beginning with standalone root account users, will be enforced starting in July 2024, with a gradual rollout to provide a grace period for users to comply.
– Initially, the MFA requirement will apply to root users due to their susceptibility to damaging attacks.
– A pop-up alert will be displayed at sign-in to remind impacted account holders of the new requirement.
– The MFA requirement is expected to be extended to other user categories, with details to be shared later in the year.
4. Commitment to Enhancing MFA Adoption:
– Amazon has committed to enhancing MFA adoption by signing CISA’s Secure by Design pledge and is actively working towards that goal.
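
The challenge signing described under item 1, as an added example (not AWS code and not from the original notes): a simplified WebAuthn-style sign-in in Node.js showing why a signed challenge bound to the origin resists phishing and relaying. The relying-party ID, the function names and the look-alike origin are constructed, and the relying-party ID hash is derived from the browser's hostname as a simplification.

```javascript
// Added illustration of a FIDO2/WebAuthn-style assertion check; simplified, not AWS code.
const crypto = require('node:crypto');

const RP_ID = 'signin.example.test';            // constructed relying-party ID
const RP_ORIGIN = `https://${RP_ID}`;
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the authenticator keeps the private key, the server stores the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Server: a fresh random challenge for every sign-in attempt.
const newChallenge = () => crypto.randomBytes(32).toString('base64url');

// Client: the browser records the origin it is really on, and the authenticator
// signs authenticatorData || SHA-256(clientDataJSON) with the private key.
function signAssertion(challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge, origin: browserOrigin }));
  const rpIdHash = sha256(new URL(browserOrigin).hostname);   // simplification
  const flags = Buffer.from([0x01]);                          // user-present bit
  const counter = Buffer.alloc(4);                            // signature counter = 0
  const authenticatorData = Buffer.concat([rpIdHash, flags, counter]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Server: context checks first, then the signature over exactly those bytes.
function verifyAssertion(a, expectedChallenge) {
  const cd = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (cd.type !== 'webauthn.get') return 'bad type';
  if (cd.challenge !== expectedChallenge) return 'challenge mismatch';   // replay
  if (cd.origin !== RP_ORIGIN) return 'origin mismatch';                 // phishing page
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Demo: a genuine sign-in, then the same challenge answered from a look-alike origin.
const challenge = newChallenge();
console.log(verifyAssertion(signAssertion(challenge, RP_ORIGIN), challenge));
console.log(verifyAssertion(
  signAssertion(challenge, 'https://signin.example-test.invalid'), challenge));
```

Because the signature covers the origin and the challenge, an assertion produced on a look-alike page cannot be edited afterwards to pass the server's checks without invalidating the signature.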