MFA
Definition
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN. MFA enhances security by combining something the user knows (password), something the user has (security token or smartphone), and/or something the user is (biometric verification) to confirm identity. This layered approach significantly reduces the risk of unauthorized access due to compromised credentials.
Secure Settings Example
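# Example of requiring MFA for an IAM user (AWS CloudFormation)
Resources:
  MyUser:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: 'exampleUser'
      Policies:
        - PolicyName: 'MFARequired'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Deny-only statement: permissions must be granted by other policies.
              - Effect: 'Deny'
                Action: '*'
                Resource: '*'
                Condition:
                  # BoolIfExists also matches requests where the key is absent,
                  # such as calls signed with long-term access keys; plain Bool does not.
                  BoolIfExists:
                    aws:MultiFactorAuthPresent: 'false'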
Insecure Settings Example
# Example of an IAM policy without MFA enforcement
Resources:
  MyUser:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: 'exampleUser'
      Policies:
        - PolicyName: 'NoMFARequired'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Every action on every resource is allowed, with no MFA condition.
              - Effect: 'Allow'
                Action: '*'
                Resource: '*'
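Policy Audit Example
The following Python check is an added example, not part of the original entry or of any AWS tooling. It audits policy documents shaped like the two examples above for a Deny-all statement conditioned on aws:MultiFactorAuthPresent, and separates Bool from BoolIfExists; the finding codes, function names and sample policies are constructed for illustration.

```python
# Added example: audit IAM policy documents for MFA enforcement.
MFA_KEY = "aws:multifactorauthpresent"  # condition key names are case-insensitive

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and condition values."""
    return value if isinstance(value, list) else [value]

def _covers_all_actions(statement):
    return "*" in _as_list(statement.get("Action", []))

def _mfa_false_operators(statement):
    """Condition operators in this statement that test the MFA key against 'false'."""
    found = []
    for operator, tests in statement.get("Condition", {}).items():
        for key, value in tests.items():
            values = [str(v).lower() for v in _as_list(value)]
            if key.lower() == MFA_KEY and values == ["false"]:
                found.append(operator)
    return found

def audit_mfa(policy):
    """Return finding codes (names are this example's own); an empty list means none."""
    statements = _as_list(policy.get("Statement", []))
    deny_ops = [op for st in statements
                if st.get("Effect") == "Deny" and _covers_all_actions(st)
                for op in _mfa_false_operators(st)]
    findings = []
    if not deny_ops:
        findings.append("NO_MFA_DENY")
    elif "BoolIfExists" not in deny_ops:
        # Plain Bool does not match when the key is absent from the request
        # (calls signed with long-term access keys), so those calls are not denied.
        findings.append("MFA_DENY_USES_PLAIN_BOOL")
    if any(st.get("Effect") == "Allow" and _covers_all_actions(st)
           and "Condition" not in st for st in statements):
        findings.append("UNCONDITIONAL_ALLOW_ALL")
    return findings

def _policy(effect, condition=None):
    """Constructed sample policy with the same shape as the examples on this page."""
    statement = {"Effect": effect, "Action": "*", "Resource": "*"}
    if condition:
        statement["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [statement]}

DENY_BOOL = _policy("Deny", {"Bool": {"aws:MultiFactorAuthPresent": "false"}})
DENY_IF_EXISTS = _policy("Deny", {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}})
ALLOW_ALL = _policy("Allow")
```

The check only recognises a Deny on Action '*'; a policy that uses NotAction to exempt MFA enrolment calls would need that case added.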