This topic describes how to enable a multi-factor authentication (MFA) device for your Alibaba Cloud account. This topic uses the Google Authenticator app as an example to explain the detailed procedure. After you enable an MFA device, it provides additional security protection for your Alibaba Cloud account.

Procedure

  1. Log on to the Alibaba Cloud console with an Alibaba Cloud account.
  2. Move the pointer over the profile picture in the upper-right corner of the console, and click Security Settings.
  3. In the Account Protection section of the Security Settings page, click Edit.
    Note MFA is now renamed TOTP.
  4. On the Turn on Account Protection page, select scenarios, select the TOTP verification method, and then click Submit.
  5. In the Verify identity step of the Identity Verification page, select a verification method.
  6. Click Verify now, enter the verification code, and then click Submit.
  7. Download and install Google Authenticator on your mobile phone. After you install Google Authenticator, go back to the Install the application step of the Identity Verification page and click Next.
    • For iOS, install the Google Authenticator app from the App Store.
    • For Android, install the Google Authenticator app from the Google Play Store.
      Note For Android, you must install a QR code scanner from the Google Play Store for Google Authenticator to identify QR codes.
  8. Open the Google Authenticator app and tap BEGIN SETUP.
  9. Select a method to enable the MFA device from the following available options.
    • (Recommended) Tap Scan barcode in the Google Authenticator app, and scan the QR code in the Enable the MFA step of the Identity Verification page in the Alibaba Cloud console.
    • Tap Manual entry, enter the username and key, and then tap the icon in the Google Authenticator app.
      Note You can find the username and key by moving the pointer over Scan failed in the Enable the MFA step of the Identity Verification page.
  10. In the Enable the MFA step of the Identity Verification page, enter the dynamic verification code in the Google Authenticator app, and click Next to complete the account protection settings.
    Note The verification code in the Google Authenticator app is refreshed every 30 seconds.

What to do next

If you log on to the Alibaba Cloud console with MFA enabled, you must enter the following information:

  1. Username and password of the RAM user
  2. Verification code provided by the MFA device
Note
  • The MFA settings for your Alibaba Cloud account do not apply to your RAM users.
  • Before you uninstall or remove an MFA device, you must log on to the Alibaba Cloud console and disable the MFA device. Otherwise, a logon failure may occur.