How can I reset a member account's 2FA from the root account?


We no longer have access to the 2FA device for a couple of our organization's member accounts. We do have the id's and passwords. How do we reset the 2FA for those accounts from the root account?

3 Answers


To reset your MFA device, you must have access to the AWS root user account email address and phone number associated with the account.

Note: If you are an AWS Identity and Access Management (IAM) user, you can't reset MFA by yourself. You must contact your administrator to deactivate the device. For more information, see Recovering an IAM user MFA device.

  1. Sign in using your AWS account root user email address.
  2. On the Root user sign in page, enter the password of your root account.
  3. On the Amazon Web Services Sign In With Authentication Device page, choose Troubleshoot MFA? Click here.
  4. On the Troubleshoot Your Authentication Device page, choose Sign In using alternative factors.
  5. On Step 1: Email address verification, validate that the email address is correct and choose Send verification email.
  6. In the email from AWS with the subject line, AWS Email Verification, choose Verify your email address. The Step 2 page in the verification process appears.
  7. On Step 2: Phone number verification, confirm the phone number listed is correct, and then choose Call me now.
  8. Note: If you didn't receive the automated telephone call or you need to update the phone number, see How do I update my telephone number to reset my lost MFA device?
  9. Answer the phone call from AWS and use your phone’s keypad to submit the six-digit verification code that appears on your device's screen.
  10. On Step 3: Sign In, choose Sign in to the console. You are automatically redirected to your Security Credentials.
  11. Choose Deactivate, next to the MFA device that you want to reset.
  12. Choose Activate MFA to add an MFA device.

Note: It's a best practice to enable a new MFA device on your root account as soon as possible to make sure that your root account is protected by MFA.

If you lost your MFA device, you can still protect your root account with MFA by adding a virtual device, see Enabling a virtual multi-factor authentication (MFA) device.

If you need additional assistance, see Lost or unusable multi-factor authentication (MFA) device . Choose the button I'm still having problems and would like to contact AWS Support. Then, complete the Request assistance with lost or unusable MFA device form and choose Submit.

answered a year ago

Hi, I think this guide will make It more clear:

Hope it helps ;)

profile picture
answered a year ago

I lost my old MFA Authenticator, and when I try to access my root account, AWS procedure dos not work. I receive the email, but step 2 fails: AWS NEVER calls my phone (it is correct in the profile, I checked).

Then I try to reach "technical support", but it ultimately redirects me to the same page that requires me to receive a phone call that never comes.

How can I reach AWS technical support staff to solve this?

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions