Tuesday 15 June 2010

amazon web services - AWS Security - What happens if I lose my MFA device?


After enabling multi-factor authentication for my AWS root account, I think there is a risk: my credentials are on my cell phone. If I lose my cell phone, will I be locked out of my root account forever? I mean, obviously I can download another credentials app, but it is the QR code that I scanned which concerns me: I am not sure that I have the necessary access to retrieve or regenerate it. Advice, anyone?

With AWS IAM it is actually very easy to generate the same codes as those generated by the virtual MFA tool, on your computer! You must keep a secure backup of the secret key that is shown to you during the "Manage MFA device" process.

During device registration, under the QR code, expand "Show secret key for manual configuration". Copy that string and store it securely encrypted somewhere. Then set up your phone and go ahead and enter the codes as usual.

In the future, should you lose your phone, you can generate the current time-based one-time password code by running the saved secret key through the following Python snippet:

    #!/usr/bin/env python
    from base64 import b32decode
    from oath import totp

    SEED = 'SECEEEKDE'  # Change the content of this string
                        # with your saved secret key

    # totp() takes the key as a hex string and returns the current 6-digit code
    print(totp(b32decode(SEED).hex(), format='dec6', period=30))

(You will need to run pip install oath first; it is not part of Python's standard library.)
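The same computation using only Python's standard library, so that the recovery path does not depend on installing a package at the moment the phone is gone. This is an added example, not code from the original answer. The function names are chosen here, and the script assumes the secret is typed at a prompt rather than stored in the file.

```python
#!/usr/bin/env python3
"""Break-glass TOTP generator (RFC 6238, HMAC-SHA1, 30 s period, 6 digits)."""
import base64
import getpass
import hashlib
import hmac
import struct
import time


def normalize_secret(secret):
    """Decode a base32 secret as copied from a console or a note:
    tolerate spaces, lowercase letters and missing '=' padding."""
    cleaned = "".join(secret.split()).upper().rstrip("=")
    cleaned += "=" * (-len(cleaned) % 8)  # b32decode requires full padding
    return base64.b32decode(cleaned)


def totp(secret, at=None, period=30, digits=6):
    """Return the code for the time step containing `at` (default: now)."""
    key = normalize_secret(secret)
    now = time.time() if at is None else at
    counter = int(now // period)
    # HOTP (RFC 4226) over the big-endian 64-bit time-step counter
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(at=None, period=30):
    """Seconds until the current code expires."""
    now = time.time() if at is None else at
    return period - int(now) % period


if __name__ == "__main__":
    # Prompt instead of hardcoding, so the secret never lands in a source
    # file or in shell history.
    seed = getpass.getpass("Saved MFA secret key (base32): ")
    print(totp(seed), "valid for", seconds_left(), "more seconds")
```

A code produced here is only as good as the local clock: if the machine's time is off by more than a period or so, the code will be rejected.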

