AWS to Require Multifactor Authentication for Member Accounts

AWS to Expand Mandatory Multifactor Authentication in 2025. Amazon Web Services (AWS) is set to broaden its multifactor authentication (MFA) program next year, following a successful rollout that saw over 750,000 root users activate MFA since its introduction in May 2024. The adoption rate doubled after AWS added FIDO2 passkeys, leading to a 99% reduction in password-related attacks. Starting in Spring 2025, MFA will be required for member accounts within AWS Organizations, with notifications sent to affected customers to ensure a smooth transition. Additionally, AWS has introduced centralized root access management to reduce reliance on passwords, enhancing security and simplifying account management for users.