This topic describes how to configure security settings for an Alibaba Cloud account, such as how to change the login password and enable multi-factor authentication (MFA).
Change the login password
Log in to the Alibaba Cloud console by using your Alibaba Cloud account. Navigate to the Security Settings page.
In the Login Password section, click Change on the right.
On the page that appears, change your login password as prompted.
In the following example, the Alibaba Cloud app is used to describe how to enable MFA. You can enable MFA to improve the security of your Alibaba Cloud account.
Log on to the Alibaba Cloud console by using your Alibaba Cloud account.
Move the pointer over the profile picture in the upper-right corner of the console, and click Security Settings.
In the Account Protection section of the Security Settings page, click Edit.Note
MFA is now renamed TOTP.
On the Turn on Account Protection page, select scenarios, select the TOTP verification method, and then click Submit.
In the Verify identity step of the Identity Verification page, select a verification method.
Click Verify now, enter the verification code, and then click Submit.
Download and install Google Authenticator on your mobile phone. After you install Google Authenticator, go back to the Install the application step of the Identity Verification page and click Next.
For iOS, install the Google Authenticator app from the App Store.
For Android, install the Google Authenticator app from the Google Play Store.Note
For Android, you must install a QR code scanner from the Google Play Store for Google Authenticator to identify QR codes.
Open the Google Authenticator app and tap BEGIN SETUP.
Select a method to enable the MFA device from the following available options.
(Recommended) Tap Scan barcode in the Google Authenticator app, and scan the QR code in the Enable the MFA step of the Identity Verification page in the Alibaba Cloud console.
Tap Manual entry, enter the username and key, and then tap the √ icon in the Google Authenticator app.Note
You can find the username and key by moving the pointer over Scan failed in the Enable the MFA step of the Identity Verification page.
In the Enable the MFA step of the Identity Verification page, enter the dynamic verification code in the Google Authenticator app, and click Next to complete the account protection settings.Note
The verification code in the Google Authenticator app is refreshed every 30 seconds.