What is multi-factor authentication (MFA) and why should it be enforced for cloud accounts?

Easy Topic: System Design May 24, 2026

MFA requires two or more verification factors from different categories: something you know (password), something you have (TOTP app, hardware key), something you are (biometric). Even if a password is compromised, the attacker still lacks the other factor, so MFA prevents unauthorized access.

For AWS/cloud accounts:

  • Enforce MFA on the root account immediately, and don’t use the root account routinely
  • Require MFA for IAM users via SCP or IAM policy condition
  • Use hardware MFA keys (YubiKey) for privileged accounts
  • Enable AWS Organizations SCPs to deny API calls unless MFA is present
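
One way to write the "deny unless MFA is present" condition from the list above as an IAM identity policy. This is an added example, not part of the original page; the `Sid` and the set of exempted self-service actions (kept so a user can still enrol an MFA device and request an MFA-backed session) are choices made here.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllExceptMfaSetupWithoutMfa",
      "Effect": "Deny",
      "NotAction": [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:GetUser",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:ResyncMFADevice",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    }
  ]
}
```

`BoolIfExists` matters here: requests signed with long-term access keys carry no `aws:MultiFactorAuthPresent` key, so a plain `Bool` test would not match them and the deny would not apply.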