This topic uses the Google Authenticator app as an example to describe how to enable a multi-factor authentication (MFA) device for an Alibaba Cloud account. After an MFA device is enabled, it provides additional security protection for your Alibaba Cloud account.

Prerequisites

The Google Authenticator app is downloaded and installed on your mobile device. You can use one of the following methods to download the Google Authenticator app:

  • For iOS, download the Google Authenticator app from the App Store.
  • For Android, download the Google Authenticator app from your preferred app store.
    Note For Android, you must download and install a quick response (QR) code scanner from a app store for Google Authenticator to identify QR codes.

Procedure

  1. Log on to the Alibaba Cloud Management Console by using your Alibaba Cloud account.
  2. Move the pointer over the profile picture in the upper-right corner of the console, and click Security Settings.
  3. In the Account Protection section of the Security Settings page, click Edit.
    Note MFA is renamed TOTP.
  4. On the Turn on Account Protection page, select scenarios and the TOTP verification method. Then, click Submit.
  5. On the Identity Verification page, select a verification method.
  6. In the Install the application step, click Next.
  7. Enable a virtual MFA device on your mobile device.
    Note The following example shows how to enable a virtual MFA device in the Google Authenticator app on your mobile device that runs iOS.
    1. Open the Google Authenticator app.
    2. Click Get started and use one of the following methods to enable a virtual MFA device:
      • Tap Scan a QR code in the Google Authenticator app and scan the QR code that is displayed in the Enable the MFA step of the Alibaba Cloud Management Console. This method is recommended.
      • Tap Enter a setup key, enter an account and the key of the account, and then tap Add.
        Note In the Enable the MFA step of the Alibaba Cloud Management Console, move the pointer over Scan failed to view the account and key.
  8. In the Enable the MFA step of the Alibaba Cloud Management Console, enter the dynamic verification code that is displayed in the Google Authenticator app. Then, click Next to complete the account protection settings.
    Note Verification codes in the Google Authenticator app are updated at an interval of 30 seconds.

What to do next

If you use the Alibaba Cloud account to log on to the Alibaba Cloud Management Console after you enable the virtual MFA device, you are prompted to enter the following verification information:

  1. Enter the username and password of the Alibaba Cloud account.
  2. Enter the verification code that is generated by the virtual MFA device.
Note
  • The virtual MFA device that is enabled for an Alibaba Cloud account does not affect the logon of the RAM users that belong to the Alibaba Cloud account.
  • Before you uninstall your application that is used for MFA or unbind a virtual MFA device, you must log on to the Alibaba Cloud Management Console and disable the virtual MFA device. Otherwise, a logon failure may occur.