By using AWS re:Post, you agree to the Terms of Use
/Is MFA necessary/

Is MFA necessary

0

Our Company use a MFA that name is WinAuth. And I find it is very troublesome when I login into the AWS. I thought is enough safe cause our company using a VPN to connect internet. In this case, is MFA necessary?

2 Answers
0

MFA is definitely a good idea.

It sounds like the VPN you're using is between your client device (e.g., laptop) and your company's infrastructure, with traffic then routed out to the Internet. That's helpful to secure access to your corporate network but won't be doing a great deal to secure your AWS credentials.

Whether MFA is necessary or not depends on how valuable what you're protecting is. If it's a root AWS account for example, compromise of your account could result in loss of any services provided through AWS, leakage of any data held and tampering with that data. Whoever has access could also run up a huge bill. If it's a user with very limited access then damage would be limited. If in any doubt, it's better to be safe than sorry.

If MFA is troublesome, maybe consider a different provider? You might also want to consider federating access from your company's identity provider to enable single sign on. That would make log on easier and faster and come with governance benefits for your company too.

answered 2 months ago
  • Thank you for your answer. I just wonder if your internet(VPN) is danger, will MFA be useful too.

  • The risk that MFA protects against is someone else finding your username and password and using them. Your credentials will be encrypted in transit, but there are other ways in which they could be compromised, for example you might be victim to a phishing attack or perhaps you re-use passwords and they're exposed from another site. A VPN does nothing to protect against those circumstances but MFA does.

0

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions