mooreds
3 hours ago
I'd go with number 2 unless you want to buy everyone a hardware token (option number 3).
There are open source solutions (I've used https://2fas.com/ ) and very common solutions (Google Authenticator).
You can even print out the QR code and put it in a secure location (safe, safe deposit box) as a break-glass in case everyone's phones cease functioning.
herodoturtle
2 hours ago
We all have the gmail app installed on our phones - is this something we could tap into for Google Authenticator?
Forgive the ignorant questions, as you can tell we're pretty new to this stuff.
Kinda wish we could just use simple email 2FA to be honest!
Thanks for the reply.
dcminter
2 hours ago
I use Google's Authenticator for this - you should be fine with that.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credenti...