Plugin Title Users MFA Enabled
Cloud AWS
Category IAM
Description Ensures a multi-factor authentication device is enabled for all users within the account
More Info User accounts should have an MFA device setup to enable two-factor authentication
AWS Link http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
Recommended Action Enable an MFA device for the user account


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for IAM.
  3. Scroll down the left navigation panel and choose "Users".
  4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".
  5. Click on the "Security Credentials" under the configuration page.
  6. Scroll down the "Security Credentials" tab and check the "Assigned MFA device".Check the "Multi-factor authentication (MFA)" section for any active devices. If "Not assigned " is showing against "Assigned MFA device" than a multi-factor authentication device is not enabled for the selected user account.
  7. Repeat steps number 2 - 6 to check another IAM user.
  8. On "Your Security Credentials" page scroll down and click on the "Multi-factor authentication (MFA)" and click on the "Manage" link to enable a multi-factor authentication device.
  9. Click on the "Virtual MFA device" and click on "Continue".
  10. Now install the AWS MFA compatible application on mobile device or computer. Once the application is installed click on the "Show QR code" and scan the code with pre-installed application.
  11. Enter two consecutive MFA codes generated from application in "MFA code 1" and "MFA code 2" and click on the "Assign MFA" button.
  12. On successful setup will get the following message "You have successfully assigned virtual MFA".
  13. Repeat steps number 8 - 12 to enable multi-factor authentication device for all other IAM users.

Want to scan for this risk automatically?

Get Started Now