Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
0 points
burntsushi
6y ago
0 comments
Share
AWS at least lets you sign in using alternative methods if you get locked out:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credenti...
undefined | Better HN
0 comments
default
newest
oldest
stingraycharles
6y ago
Which in itself is a problem: it means the MFA device is not required, if only they have access to my email + phone.
burntsushi
OP
6y ago
Sure, I know. Just pointing out that, at least for AWS, you do not need recovery codes or a second device for MFA. For me personally, phone+email is good enough for my threat model.
mschout
6y ago
Yes, AWS MFA is very poorly implemented.
j
/
k
navigate · click thread line to collapse
