Using Time-based One-time Password (TOTP, or multi-factor authentication, MFA) puts an extra protection on top of your logon password or AccessKey. We strongly recommend that you follow the instruction to enable TOTP for your Alibaba Cloud account (primary account).
In addition, you determine whether to enable virtual MFA devices for your RAM user after you create a RAM user.
Your Alibaba Cloud account has full control permissions for all of the resources under it. If the logon password or AccessKey of the primary account is disclosed, the security of all of the assets under the primary account is greatly threatened. To reduce this risk, we strongly recommend that you enable TOTP (MFA) for your primary account.
Log on to the
Alibaba Cloud console.
Move the mouse pointer to your account name on the upper-right corner of the page and click Security Settings.
On the Security Settings page, click Set next to Account Protection.
On the Turn on Account Protection page, configure your account protection policy as on which scenes to require SMS/TOTP verification. In this case, check TOTP verification for logon.
Click Submit to start Identity Verification.
Enter your verification code sent either to your mobile phone or your email and click Next to verify your identity.
Download and install the Google Authenticator app on your phone and click Next. For detailed information on the installation, see Google Authenticator Installation and Use Guide.
Enable the TOTP. Use your Google Authenticator app to scan the QR code to get a 6-digit verification code, enter the code, and click Next.
Open Authenticator, click + (Add User), and then click Scan Barcode to scan the code.
If your mobile phone does not support the scanning feature, you can click Manual entry to enter the MFA key information. The information is displayed when you click Scan failed?.
After you have scanned the code, the user is added automatically and your authenticator app displays a dynamic password for the account. The account protection is then successfully set.
Note: The dynamic password is updated every 30 seconds.
After you enable TOTP for logon, you log on to your account as the following procedure.
Log on with your user name and password.
After the password is verified, you are required to provide the TOTP code, as shown in the following figure:
After you pass the TOTP verification, you successfully log on to your Alibaba Cloud account.
For RAM users in your Alibaba Cloud account, you can also enable MFA devices for them. For more information, see Create a RAM user.