Configuring multi-factor authentication (MFA) for your Alibaba Cloud account is one of the best practices for securing your cloud assets. This topic uses the Google Authenticator app as an example to describe how to attach a virtual MFA device to your Alibaba Cloud account.
What is MFA and why should you configure it?
Multi-Factor Authentication (MFA) is a security best practice that adds an extra layer of protection on top of your username and password.
When you enable MFA, you must complete two verification steps to log on to Alibaba Cloud:
First verification: Enter your username and password.
Second verification: Use another authentication method, such as a six-digit dynamic code generated by a virtual MFA device every 30 seconds.
With this two-step verification, even if your password is compromised, no one can log on to your account without your physical device. This helps prevent account theft and greatly improves security.
What MFA methods do Alibaba Cloud accounts support?
Alibaba Cloud accounts support multiple MFA methods, such as text message verification. This topic focuses on virtual MFA devices, which are software-based MFA applications. A virtual MFA device is an app that follows the time-based one-time password (TOTP) standard (RFC 6238). It generates a six-digit dynamic code every 30 seconds for secondary authentication during logon and other critical operations.
Recommended virtual MFA applications
Google Authenticator: A mainstream TOTP standard app for Android and iOS.
Other TOTP-compatible authenticators: For example, Microsoft Authenticator and Authenticator (for Windows Phone).
Attach a virtual MFA device
Log on to the Alibaba Cloud Account Center. Go to the Security Settings page. In the Other Settings section, click Set up for Account Protection.

On the Enable Account Protection page, select one or more scenarios and verification methods. Click OK to go to the identity verification page.

TOTP verification
On the identity verification page, you can authenticate using your email address or mobile phone number.

Download and install Google Authenticator on your mobile phone. After the installation is complete, click Next to go to the attach page. If you have already installed the app, click Next.

Use Google Authenticator to scan the QR code, get a 6-digit verification code, enter the code, and then click Next to complete the account protection settings.

Text message verification
On the Verify Identity page, you can receive a text message verification code on your mobile phone.

Enter the verification code from the text message and click OK to complete the account protection settings.
Note: If you select Text Message Verification and your account is not attached to a mobile phone number, you must first authenticate using your email address. Then, attach a mobile phone number to enable account protection.
You have successfully enabled account protection.
