Set up MFA

Last Updated: Jul 03, 2017


Step 1

Activate multi-factor authentication (two-step authentication) for primary accounts

Your Alibaba Cloud account has full control permissions for all of the resources under it. If the logon password or access key of the primary account is disclosed, the security of all of the assets under the primary account is greatly threatened. To reduce this risk, we strongly recommend that you bind multi-factor authentication (MFA) to your primary account.

Go to account security settings

  1. Log on to the Alibaba Cloud console, and then move the mouse pointer to your account displayed on the upper-right corner of the page and click Security Settings.

  2. On the Security Settings page, click Set next to Virtual MFA to enable the VMFA device binding process.


  3. Enter your verification code sent either to your mobile phone or your email to verify your identity.

Enable VMFA device binding process (start two-step authentication)

  1. Go to the Bind MFA Device page to bind your MFA device.

    To perform this operation, you must install an MFA application on your mobile phone. Alibaba Cloud ID Sec and Google Authenticator are two popular MFA applications. To install Google Authenticator, refer to Google Authenticator Installation and Use Guide.

    Enable VMFA Device

  2. Add a user in your MFA application.

    We use Google Authenticator as an example. Open Authenticator, click + (Add User), and then click Scan Barcode to scan the code. If your mobile phone does not support this feature, you can click Input Manually to enter the MFA key yourself.

    After you have scanned the code, the user is added automatically and your MFA application will display a dynamic password for the account. Note that the dynamic password is updated every 30 seconds.

  3. Acquire two consecutive passwords.

    On the Enable Virtual MFA Device page, enter the consecutive passwords displayed in the MFA application, and then click Confirm to bind button, as shown in the following figure:

    Acquire Two Consecutive Passwords

The MFA device is then successfully enabled.

Logon process with MFA enabled (two-step authentication process)

  1. Log on to the console with your user name and password.

  2. After the password is verified, you also need to provide a dynamic verification code from the VMFA device, as shown in the following figure:

    Two-step Logon 2

After you pass the two-step verification, you successfully log on to Alibaba Cloud.

Thank you! We've received your feedback.