
Account Center: Step 3: Configure MFA for your account

Last Updated: Oct 20, 2025

Configuring multi-factor authentication (MFA) for your Alibaba Cloud account is a best practice for securing your cloud assets. This topic uses the Google Authenticator app as an example to describe how to attach a virtual MFA device to your Alibaba Cloud account.

What is MFA and why should you configure it?

MFA adds an extra layer of protection on top of your username and password.

It requires you to provide two forms of verification when you sign in:

  1. First verification: Enter your username and password.

  2. Second verification: Provide another form of authentication, such as a six-digit dynamic verification code that is automatically generated by a virtual MFA device every 30 seconds.

With two-factor authentication, even if your password is compromised, no one can log on to your account without your device. This effectively prevents account theft and significantly improves account security.

What MFA methods do Alibaba Cloud accounts support?

Alibaba Cloud accounts support multiple MFA methods, such as text message verification codes. This topic focuses on virtual MFA devices, which are software-based MFA applications. A virtual MFA device is an app that follows the time-based one-time password (TOTP) standard (RFC 6238). It generates a new six-digit verification code every 30 seconds. You use this code for secondary authentication during logon and other critical operations.

Recommended authenticator apps:

  • Google Authenticator: A mainstream TOTP standard app for Android and iOS.

  • Other TOTP-compatible authenticators: Microsoft Authenticator.

Enable account protection

  1. Log on to the Alibaba Cloud Account Center. Go to the Security Settings page. In the Account Protection section, click View to go to the Account Protection settings page.


  2. On the Turn on Account Protection page, select one or more scenarios and verification methods. Click Submit to go to the identity verification page.


    TOTP verification

    1. On the identity verification page, you can authenticate using your email address or phone number.


    2. Download and install Google Authenticator on your phone. After the installation is complete, click Next to go to the attach page. If you have already installed the app, click Next.


    3. Use Google Authenticator to scan the QR code and obtain a 6-digit verification code. Enter the code and click Next to complete the account protection settings.

    Text message verification

    1. On the Verify Identity page, you can receive a text message verification code sent to your Phone Number.


    2. Enter the verification code from the text message and click Submit to complete the account protection settings.

    Note

    If you select the Text Message Verification method and do not have a phone number attached to your account, you must first authenticate using your email address. Then, you can attach a phone number to enable account protection.

  3. You have successfully enabled account protection.
