- Newest
- Most votes
- Most comments
MFA is definitely a good idea.
It sounds like the VPN you're using is between your client device (e.g., laptop) and your company's infrastructure, with traffic then routed out to the Internet. That's helpful to secure access to your corporate network but won't be doing a great deal to secure your AWS credentials.
Whether MFA is necessary or not depends on how valuable what you're protecting is. If it's a root AWS account for example, compromise of your account could result in loss of any services provided through AWS, leakage of any data held and tampering with that data. Whoever has access could also run up a huge bill. If it's a user with very limited access then damage would be limited. If in any doubt, it's better to be safe than sorry.
If MFA is troublesome, maybe consider a different provider? You might also want to consider federating access from your company's identity provider to enable single sign on. That would make log on easier and faster and come with governance benefits for your company too.
Relevant content
- asked 2 years ago
- asked 4 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Thank you for your answer. I just wonder if your internet(VPN) is danger, will MFA be useful too.
The risk that MFA protects against is someone else finding your username and password and using them. Your credentials will be encrypted in transit, but there are other ways in which they could be compromised, for example you might be victim to a phishing attack or perhaps you re-use passwords and they're exposed from another site. A VPN does nothing to protect against those circumstances but MFA does.