AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
You can enable MFA for your AWS account and for individual IAM users you have created under your account. MFA can be also be used to control access to AWS service APIs.
After you’ve obtained a supported hardware or virtual MFA device, AWS does not charge any additional fees for using MFA.
Virtual MFA Applications
Applications for your smartphone can be installed from the application store that is specific to your phone type. The following table lists some applications for different smartphone types.
| Android | Authy, Duo Mobile, LastPass Authenticator, Microsoft Authenticator, Google Authenticator |
| iPhone | Authy, Duo Mobile, LastPass Authenticator, Microsoft Authenticator, Google Authenticator |
source:https://aws.amazon.com/iam/features/mfa/?audit=2019q1
