IAM multi-factor authentication should be enabled for all IAM users that have a console password
Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.
Console Remediation Steps
Navigate to IAM.
In the left navigation, select Users.
Add the MFA column if it is not displayed by default.
Select the user who does not have MFA enabled.
Click the Security credentials tab.
In Assigned MFA Device, click Manage.
Enable MFA for the user as described here.
Repeat the above steps until all users have MFA enabled.
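To find which users the steps above apply to, the IAM credential report can be filtered for users that have a console password and no MFA device. The Python below is an added example, not part of the original page: the sample CSV is constructed and trimmed to a few columns, and `decode_report` assumes the JSON output of `aws iam get-credential-report`.

```python
import base64
import csv
import io
import json

# Credential report columns this check depends on.
REQUIRED = ("user", "password_enabled", "mfa_active")

# Constructed sample, trimmed to four columns; a real report has many more.
SAMPLE_CSV = """user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
"""


def decode_report(get_report_json: str) -> str:
    """Decode the base64 'Content' field of `aws iam get-credential-report` output."""
    return base64.b64decode(json.loads(get_report_json)["Content"]).decode("utf-8")


def users_missing_mfa(report_csv: str) -> list[str]:
    """Return IAM users that have a console password but no active MFA device."""
    reader = csv.DictReader(io.StringIO(report_csv))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"credential report lacks columns: {missing}")
    flagged = []
    for row in reader:
        # The root row reports password_enabled as "not_supported";
        # this control covers IAM users only, so skip it explicitly.
        if row["user"] == "<root_account>":
            continue
        has_console_password = row["password_enabled"].strip().lower() == "true"
        has_mfa = row["mfa_active"].strip().lower() == "true"
        # Users without a console password (e.g. access-key-only) are out of scope.
        if has_console_password and not has_mfa:
            flagged.append(row["user"])
    return flagged


if __name__ == "__main__":
    for name in users_missing_mfa(SAMPLE_CSV):
        print(f"console password without MFA: {name}")
```

An empty result means every IAM user with a console password has an MFA device active.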
CLI Remediation Steps