AWS Security Blog

AWS Releases Preview of SMS MFA for IAM Users

Today, AWS introduced the preview of Short Message Service (SMS) support for multi-factor authentication (MFA), making it easier for you to implement a security best practice. Until now, you could enable MFA for AWS Identity and Access Management (IAM) users only with hardware or virtual MFA tokens, but this new feature enables you to use the text messaging functionality of a mobile phone to verify IAM users with MFA. When signing in to the AWS Management Console, IAM users will receive a security code via text message on their mobile phone and then be prompted to type it in their browser to help verify their identity.

SMS MFA provides an easy-to-use, familiar option for MFA that works on all devices that can receive a text message. You do not need to download a mobile app or have a hardware device to use SMS MFA. Also, because phone numbers are portable between mobile devices, you will retain access to your AWS account even if you change, upgrade, or lose your phone. There is no additional AWS charge for this feature, but SMS rates may apply, depending on your wireless service provider.

To begin using this feature, you must register your AWS account for the preview. Upon acceptance into the preview, which typically requires 1 to 2 business days, you will receive an email confirming that SMS MFA has been enabled for your AWS account. For additional information about this new feature, go to Enabling SMS Text Message MFA Devices.

Let us know what you think about the new SMS MFA option. Share your feedback below, or go to the IAM forum to leave comments and ask questions.

– Vikram