Ref: https://learn.cantrill.io/courses/1820301/lectures/41301460

DEMO: https://learn.cantrill.io/courses/1820301/lectures/41301461

• Summary
• Contents:

Why is MFA needed?

• Web-based authentication usually based on usernames and passwords
  • ❗ If leaked, anyone can impersonate you!
• 🔧 Factors = different pieces of evidence which prove identity
  • Types:
    1. Knowledge - something you know (username + password…)
    2. Possession - something you have (bank card, MFA device/app, U2F key…)
    3. Inherent - something you are (fingerprint, face scan…)
    4. Location - where you are (geo coordinates, NW/IP address…)
  • Trade-off: security ↔ convenience
    • More factors means more security and harder to fake
    • …but the more factors we use, the more time & effort it takes to authenticate
  • Types of authentication based on number of factors:
    • SFA/1FA (Single/One-Factor Authentication) = use only one factor
    • 2FA (Two-Factor Authentication) = use two factors
    • MFA (Multi-Factor Authentication) = use more than one factor
• SFA vs MFA Diagram

MFA in AWS

• One can activate MFA for a user (e.g. account root user, or IAMADMIN user)
  • AWS generates secret key + additional information (normally in a QR code)
  • Information must be entered into an MFA device/app e.g. Google Authenticator
• Once set, the MFA code in the device/app will refresh periodically
• When authenticating to the AWS account, both the credentials (username + password) as well as the current MFA code will be asked → increased security
• Summary Diagram

DEMO: Securing an AWS Account with MFA

Ref: https://learn.cantrill.io/courses/1820301/lectures/41301461

• Account drop-down menu > Security credentials > Assign MFA
• Select “Authenticator App” as MFA device & follow steps
  • Any authenticator app works (Google Authenticator, Authy, 1Password…)