Setup a virtual MFA device for your AWS Account

Security is a shared responsibility

This guide will help you setup a virtual MFA device for your AWS account in less than 5 minutes!

What is MFA?

MFA stands for multi-factor authentication. It is a simple way to add an extra layer of protection on top of your user name and password.

In other words:

MFA requires that a user signs in with their user name and password (the first factor), as well as a token MFA token (the second factor—what they have). Together, these multiple factors provide increased security for your AWS account settings and resources.

What is a virtual MFA device?

A Virtual MFA device is an application that runs on your existing smartphone or tablet. You can install a virtual MFA device from your application store.

The Virtual MFA application uses the open TOTP standard to generate a one-time password that is time-based (known as tokens).

The most common virtual MFA applications are Google Authenticator, Authy 2-Factor Authentication and Microsoft Authenticator.

You can also choose another virtual MFA application if you desire.

Step to setup a virtual MFA device for your AWS account

This guide mostly focusses on IAM users. Consequently, Root users must read this guide and then start the MFA setup from a different link. The steps are primarily the same for both types of users.

Step 1 – Download one of the following apps to your phone.

Use one of these links to download your preferred app from your app store.

Android Google AuthenticatorAuthy 2-Factor Authentication
iPhone Google AuthenticatorAuthy 2-Factor Authentication
Windows Phone Authenticator

Step 2 – Login to the AWS console by clicking on the following link:

Step 3 – Click on your account menu, click on ‘My Security Credentials’.

Step 4 – On the ‘my security credentials’ page, click on the ‘Assign MFA device’ button.

Step 5 – Select the ‘Virtual MFA device’ option; click on the ‘Continue’ button.

Step 6 – follow the ‘Manage MFA device’ setup steps.

Use the virtual MFA application you installed in step 1.

Click on ‘Show QR code’.

Scan the QR code.

Enter two consecutive MFA codes from your virtual MFA device.

Click on the ‘Assign MFA’ button.

Note: You MFA application will allow you to add other MFA accounts. You do not need to add your Gmail account to Google Authenticator if you do not want too.

Finally, you will see the following popup on successful completion:

Information for root account users

Log out and log in to the AWS management console using your ‘root access’ account details.

Navigate to the ‘Identity and Access Management (IAM)’ dashboard.

In the ‘Security Status’ section, find the ‘Activate MFA on your root account’ drop down.

And then, click on the ‘manage MFA’ button.

The instructions to setup MFA will be similar to the previous steps that you followed.

In Summary

Setting up a virtual MFA device will you to become more secure. It takes less than 5 minutes.

Post your feedback in the comments below! Read other great posts at!

About the Authors

Each member of Anto's editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic!

Support the Cause

Support Anto Online and buy us a coffee. Anything is possible with coffee and code.

Buy me a coffee

Leave a Reply

Your email address will not be published. Required fields are marked *