Passwords alone are not enough to protect a cloud account — if your credentials are leaked, an attacker gains immediate access. Multi-factor authentication (MFA) requires a second verification step on every login, so your account stays protected even if your password is compromised. This topic uses Google Authenticator to walk you through attaching a virtual MFA device to your Alibaba Cloud account.
How MFA works
With MFA enabled, every login requires two verification steps:
Enter your username and password.
Enter a 6-digit dynamic code from your MFA device or a text message sent to your mobile phone.
MFA methods
Alibaba Cloud accounts support multiple MFA methods. This topic focuses on virtual MFA devices — authenticator apps that follow the time-based one-time password (TOTP) standard (RFC 6238) and generate a 6-digit dynamic code every 30 seconds.
Supported TOTP apps:
Google Authenticator — available for Android and iOS
Microsoft Authenticator and other TOTP-compatible authenticators
Attach a virtual MFA device
Prerequisites
Before you begin, ensure that you have:
An Alibaba Cloud account
Google Authenticator (or another TOTP-compatible app) installed on your mobile phone
Step 1: Open account protection settings
Log on to the Account Center. Go to the Security Settings page. In the Other Settings section, click Set up next to Account Protection.
Step 2: Select scenarios and verification methods
On the Enable Account Protection page, select one or more scenarios and a verification method. Click OK to go to the identity verification page.
Step 3: Verify your identity and attach the device
Complete identity verification using one of the following methods, then attach your MFA device.
TOTP verification
On the identity verification page, verify your identity using your email address or mobile phone number.
Download and install Google Authenticator on your mobile phone. Click Next.
Open Google Authenticator and scan the QR code. Enter the 6-digit verification code it generates, then click Next.
Text message verification
On the Verify Identity page, request a verification code to your mobile phone.
Enter the verification code from the text message and click OK.
If your account is not attached to a mobile phone number, authenticate with your email address first, then attach a mobile phone number to complete account protection setup.
Result
Account protection is now enabled for your Alibaba Cloud account.
