Amazon Web Services adds support for passkeys. Starting next month, root accounts will be required to enable multi-factor authentication.
Amazon writes in a blog post that it is expanding the options for two-factor authentication for AWS user accounts to FIDO2 passkeys. These are cryptographic keys that are stored and synchronized on a device. Tweakers previously wrote a background article about it. AWS doesn't make it mandatory for regular users and administrators to use passkeys or even two-factor authentication, but it does recommend it. Users who have already enabled a form of 2fa can create a passkey from it, but that is not mandatory either.
It will be mandatory to set up 2fa for so-called root accounts. These are the power users of AWS accounts that are not managed by an organization. They will need to enable multi-factor authentication when logging into the AWS Management Console from July this year. Amazon wants to roll this out gradually. There will be a short period in which root users will receive a warning when logging in. Root users within AWS Organizations are not required to do so.