Amazon Web Services Introduces Two-Factor Authentication

Amazon will introduce handheld token generators as an upgrade to its authentication procedures for the Web Services section. This type of authentication provides a huge leap in security for AWS members, being inspired by the token generators used in home banking secure customer login.

Amazon Web Services is a product mainly dedicated to small or medium businesses, providing high-quality and high-performance IT solutions for customers that can't afford their own data center or complex IT infrastructure.

This new authentication system will be relying on a system of “know and have” method, the user knowing their AWS user-name and their password, and also having a special security code. This security code will be generated by a simple handheld gadget that can be found for sale at this page for about $12.99.

The system was based on OAUTH reference authentication architecture, and will not be turned on by default per AWS accounts. After an Amazon Web Services member has acquired the token generator from a third-party vendor, they will have to enter their account settings and modify the security and authentication settings manually. The use of this service (MFA, Amazon Multi-Factor Authentication) is free.

The above-mentioned device is a simple token generator that will produce a new security code at every 30 seconds. The generated digit stream will be based on the current time and the device's serial number. The generated code can be used only once for authentication. Small and lightweight, the device provides a boost in account security, making it more difficult for third parties to get unauthorized access to AWS accounts.

This method is world wide used by many financial corporations and home banking systems, which usually employ the generated code as a password. Amazon will take this to the next level, asking the user for their user-name, password and the special token, as a password for the password.

“An additional layer of protection, once reserved for banks and large enterprises, is now available to protect your AWS account from unauthorized use. This should be especially attractive to our enterprise-level customers, but we expect customers of all types to value the additional security,” said the official announcement.