How do I reset my AWS root user account MFA device?

3 minute read

I want to reset my AWS root user account multi-factor authentication (MFA) device. How do I reset it?


To reset your MFA device, you must have access to the AWS root user account email address and phone number associated with the account.

Note: If you are an AWS Identity and Access Management (IAM) user, you can't reset MFA by yourself. You must contact your administrator to deactivate the device. For more information, see Recovering an IAM user MFA device.

  1. Sign in using your AWS account root user email address.
  2. On the Root user sign in page, enter the password of your root account.
  3. On the Amazon Web Services Sign In With Authentication Device page, choose Troubleshoot MFA? Click here.
  4. On the Troubleshoot Your Authentication Device page, choose Sign In using alternative factors.
  5. On Step 1: Email address verification, validate that the email address is correct and choose Send verification email.
  6. In the email from AWS with the subject line, AWS Email Verification, choose Verify your email address. The Step 2 page in the verification process appears.
  7. On Step 2: Phone number verification, confirm the phone number listed is correct, and then choose Call me now.
    Note: If you didn't receive the automated telephone call or you need to update the phone number, see How do I update my telephone number to reset my lost MFA device?
  8. Answer the phone call from AWS and use your phone’s keypad to submit the six-digit verification code that appears on your device's screen.
  9. On Step 3: Sign In, choose Sign in to the console. You are automatically redirected to your Security Credentials.
  10. Choose Deactivate, next to the MFA device that you want to reset.
  11. Choose Activate MFA to add an MFA device.

Note: It's a best practice to enable a new MFA device on your root account as soon as possible to make sure that your root account is protected by MFA.

If you lost your MFA device, you can still protect your root account with MFA by adding a virtual device, see Enabling a virtual multi-factor authentication (MFA) device.

If you need additional assistance, see Lost or unusable multi-factor authentication (MFA) device . Choose the button I'm still having problems and would like to contact AWS Support. Then, complete the Request assistance with lost or unusable MFA device form and choose Submit.

AWS OFFICIALUpdated 2 years ago

This procedure is not working. the ste4 ends with this message: Authentication failed Your authentication information is incorrect. Please try again

replied 5 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
replied 5 months ago