Using Token2 FIDO2 Security keys with AWS MFAAmazon recommends enabling MFA to increase the security of your AWS environments. Signing in to MFA-protected accounts requires a user name, password,
and an additional MFA method. Currently, AWS supports 3 MFA methods: a virtual MFA device (mobile app like Google Authenticator),Security key and pre-enrolled keys. See our instructions here to learn how to use Token2 programmable TOTP tokens to protect your AWS account(as drop-in replacements for virtual MFA device).
In this guide, we will show how to use Token2 Security keys as an additional method for two-factor authentication with AWS MFA.
Requirements:• An AWS account
• Admin access to enable security keys (not required if security keys are already enabled)
• Modern browser supporting security keys
• A Token2 FIDO security key
Enable the security key in your AWS account• Log in to your AWS account console and select "Security Credentials" under your username (top menu on the right).
• Open the MFA section on the "Your Security Credentials" page, then click "Activate MFA," select "Security key" as your MFA type, insert the security key, and click "Continue".
• AWS will start to identify the inserted security key. If you have set up a PIN code on it you will be prompted to type it.
• After click 'Allow' to allow AWS to interact with your security key.
At this step, you will be prompted to press the button on security key to complete registration.
Note: Security keys differ in the exact instructions to activate them. Your key may require a tap or button press to activate registration.
• Now the account is ready to use this verification method. When AWS prompts you for your security key, insert it and touch the button to successfully login.
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!