This topic describes how to use Multi-Factor Authentication (MFA) to enhance security for your account.

Background information

MFA is a simple and effective authentication method that adds an extra layer of security in addition to username and password. After MFA is configured, when a RAM user logs on to the Alibaba Cloud website, the system requires the user to enter the username and password (first security factor), and then requires the user to enter a dynamic verification code (second security factor) from the MFA device. The multi-factor authentication provides greater security for your account.

Procedure

The following section uses Google Authenticator app as an example to describe how to configure an MFA device for a RAM user.

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, click the username of the target RAM user.
  3. On the Authentication tab, click Enable the virtual MFA device.
  4. Download and install the Google Authenticator app on your mobile phone.
    • For iOS, install the Google Authenticator app from the App Store.
    • For Android, install the Google Authenticator app from the Google Play Store.
      Note You need to install a QR code scanner from the Google Play Store for Google Authenticator to identify QR codes.
  5. Open the Google Authenticator app and tap BEGIN SETUP.
  6. Select a method to enable the MFA device from the following available options.
    • (Recommended) Tap Scan barcode in the Google Authenticator app and scan the QR codedisplayed on the Scan the code tab in the RAM console.
    • Tap Manual entry, enter the username and key, and then tap the icon in the Google Authenticator app.
      Note You can obtain the username and key from the Retrieve manually enter information tab in the RAM console.
  7. Enter the two consecutive verification codes that are obtained from the Google Authenticator app, and click Enable.
    Note The verification code in the Google Authenticator app is refreshed at an interval of 30 seconds.

What to do next

When a RAM user logs on to the RAM console with the MFA device enabled, the RAM user must enter the following information:

  1. Username and password of the RAM user
  2. Two consecutive verification codes provided by the MFA device
Note Before you uninstall or remove an MFA device, you must log on to the Alibaba Cloud console and disable the MFA device. Otherwise, a logon failure may occur.