I am trying to disable SMS MFA for my root user account. I know that at the current time, root users are not even allowed to use SMS MFA anymore, but I think I have enabled it quite some time ago and it basically has always worked.

The issue is that I also started to use Google Authenticator and would like to switch to using it solely for MFA. Right now I have three challenges when I log in. First the standard username/password, then I get an SMS and finally I get prompted for the authenticator token. I followed all tutorials on how to configure MFA, but the fact that my root account uses SMS MFA is not visible anywhere.

I am also confused reading that SMS MFA is only supposed to work until the 1st of February 2019. I was hoping the problem solves itself, but clearly, I am still stuck with SMS MFA.

Has anyone experienced the same issue or know how to go about resolving it? How and where would I report this to AWS. I cannot open technical support issues.


Hello Hardy,

As a best practice, we recommend that you keep your Amazon MFA active. If you do not wish to complete SMS challenge during sign-in, you can deactivate SMS as your MFA factor on your Amazon retail account and replace it with other factors.

Hello Hardy,

The SMS MFA public preview is only supported for IAM users and cannot be enabled for root. In addition, we support 1 MFA to be active for user (IAM and root) at a time. The experience you have described below is not supported by AWS MFA.

If you created your AWS account prior to September 2017 and have enabled MFA on your Amazon retail account (with same email address as is associated with your AWS root user), you will be required to complete your Amazon MFA challenge in addition to the AWS MFA you enabled for root.

Please let us know whether the above may be a reason that you are experiencing multiple MFA challenges while signing in.

thanks for the response.

The SMS MFA public preview is only supported for IAM users and cannot be enabled for root. In addition, we support 1 MFA to be active for user (IAM and root) at a time. The experience you have described below is not supported by AWS MFA.

Sure. That was what confused me as well. For all the information I could find, I should not be even in this situation. However, supported or not, this is the situation I am in.

If you created your AWS account prior to September 2017 and have enabled MFA on your Amazon retail account (with same email address as is associated with your AWS root user), you will be required to complete your Amazon MFA challenge in addition to the AWS MFA you enabled for root.

Please let us know whether the above may be a reason that you are experiencing multiple MFA challenges while signing in.

Actually, this sounds about right. I use for sure the same email and the timeframe is about right as well. So what can I do to change this?


