AWS adds passkey multi-factor authentication (MFA) for root and IAM users
AWS News Blog
This article announces two new security enhancements from AWS: 1) support for passkeys as a multi-factor authentication (MFA) option for root and IAM users, and 2) enforcement of MFA for root users on AWS accounts, starting with management accounts in AWS Organizations.
Specifically, the article covers:
- An explanation of passkeys, which are cryptographic key pairs used for FIDO2 authentication, replacing traditional passwords.
- How to enable passkey MFA for an IAM user in the AWS console.
- The user sign-in experience with passkey MFA, using QR codes and biometrics like Face ID or Touch ID.
- AWS's plan to enforce MFA for root users, starting with management accounts in AWS Organizations, with a grace period before making it mandatory.
- The regional availability of these new security features.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jun 11
2024
2024
AWS Identity and Access Management now supports passkey as a second authentication factor
Jun 11
2024
2024
Passkeys enhance security and usability as AWS expands MFA requirements
Jun 17
2025
2025
AWS IAM now enforces MFA for root users across all account types
Jul 21
2025
2025
Beyond IAM access keys: Modern authentication approaches for AWS
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.