1

Is it possible to have hard-copy (i.e. printed out on paper) MFA tokens for AWS?

For Google's MFA, you can print out around 10 numbers to use in a disaster-type situation (say you are using an MFA app on your phone and you lose your phone or can't get a signal for some reason). Does a similar option exist for AWS? I can't seem to find it anywhere in the documentation.

I'm aware that there are digital MFA devices that you can keep in your wallet, but I feel like at some point, you really do need a backup solution in a form that isn't susceptible to electronic failure of one kind or another.

This would be for an IAM, by the way, not the master account.

Jordan Reiter

1 Answer

2

I always print the QR code and keep that physically secure. That makes it easier to enrol multiple/new devices and also resolves the issue of losing a device.

From a security standpoint I don't feel this is substantially less secure than backup codes. The only area where it's weaker is that if an attacker manages to obtain your printed backup codes without you realising, they are limited in the number of times they can use them - although by that point the damage is probably already done.

thexacre
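Added example, not part of the answer above: a printed enrolment QR code encodes an `otpauth://` URI holding the TOTP seed, so any device set up from the printout produces the same codes, with no limit on how many times, which is why the paper needs the same physical protection as the account. The sketch parses such a URI and derives the two consecutive codes AWS asks for when a virtual MFA device is assigned; the URI, its label and issuer are constructed, and the secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample: the text a scanner reads from an enrolment QR code.
# The secret is the RFC 6238 test key, not a real seed; label and issuer are made up.
SAMPLE_URI = ("otpauth://totp/Example:jordan@example-account"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Return (label, seed bytes, digits, period) from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("URI carries no secret")
    b32 = q["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)          # authenticator apps omit base32 padding
    seed = base64.b32decode(b32)
    digits = int(q.get("digits", ["6"])[0])
    period = int(q.get("period", ["30"])[0])
    return unquote(u.path.lstrip("/")), seed, digits, period

def totp(seed, unix_time, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1 (the default for authenticator apps)."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F               # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enrolment_codes(uri, unix_time):
    """Two consecutive codes, as an enrolment form asking for two codes expects."""
    _, seed, digits, period = parse_otpauth(uri)
    return (totp(seed, unix_time, digits, period),
            totp(seed, unix_time + period, digits, period))

if __name__ == "__main__":
    import time
    now = time.time()
    phone = enrolment_codes(SAMPLE_URI, now)   # device enrolled today
    spare = enrolment_codes(SAMPLE_URI, now)   # device enrolled later from the printout
    print(phone, spare, phone == spare)        # identical: same seed, same codes
```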