Ensure that Multi-Factor Authentication (MFA) is enabled for your root account in order to secure your AWS environment and adhere to IAM security best practices.
Having an MFA-protected root account is the best way to protect your AWS resources and services against attackers. An MFA device signature adds an extra layer of protection on top of your existing root credentials making your AWS root account virtually impossible to penetrate without the MFA generated passcode.
To determine if your AWS root account is MFA-protected, perform the following:
To enable MFA access protection for your AWS root account, perform the following:Note 1: As example, this guide will use Google Authenticator as MFA device since is one of the most popular MFA virtual applications used by AWS customers. To explore other MFA devices (virtual and hardware) and their features visit http://aws.amazon.com/iam/details/mfa/