Ask HN: AWS registering MFA will be required in 29 days

6 points, posted 10 hours ago
by herodoturtle

Item id: 41806749

4 Comments

mooreds

3 hours ago

I'd go with number 2 unless you want to buy everyone a hardware token (option number 3).

There are open source solutions (I've used https://2fas.com/) and very common solutions (Google Authenticator).

You can even print out the QR code and put it in a secure location (safe, safe deposit box) as a break-glass in case everyone's phones cease functioning.

herodoturtle

2 hours ago

We all have the Gmail app installed on our phones - is this something we could tap into for Google Authenticator?

Forgive the ignorant questions, as you can tell we're pretty new to this stuff.

Kinda wish we could just use simple email 2FA to be honest!

Thanks for the reply.

dotps1

an hour ago

Personally I would do all of them.

I would make a passkey and stick it in Bitwarden so I have it with me on all my devices.

I would link my account to my authenticator app.

Then I would also register my YubiKey I keep on my keychain.