Recently AWS announced they will support physical devices to configure 2FA when accessing the AWS console, starting with Yubico’s YubiKey. So I looked into this and its really simple, I had 2FA previously on my phone using Google authenticator which works fine but a YubiKey is dead cheap. Available on Amazon.com for around £30 in the UK so thought I would get one and see how it easy it.
Below is the post from AWS
When it arrives plug it in via USB
2FA can be assigned to the root account, and it is recommended to do so, but it can also be assigned to IAM users. To enable it for a user, login to the console with an account that has permissions and open IAM – Users. Create the user if its new or select an existing one and go to Security Credentials – Assigned MFA Device – Manage
Choose U2F Security Key
Simply plug the key in, if its not already, and tap the thumb print. Chrome does prompt for permission to pass the information, once passed you will get a success message
Now just log back in with that user
You will then be prompted to tap the key again, as long as its plugged in and you will be logged in. A lot quicker and easier than the phone, but im lazy!
And now im logged in fine. The YubiKeys are cheap and easy to use so why not, they can also be used for other services not just AWS.