Ask HN: AWS registering MFA will be required in 29 days

7 points by herodoturtle - 262 Days, 1 Hour ago Hacker News

Hi folks,

When signing into our AWS console this morning we noticed this security popup - "Registering MFA will be required in 29 days".

Below the notice is a list of options for registering for MFA, and I quote:

> 1. Passkey or Security key: Authenticate using your fingerprint, face, or screen lock. Create a passkey on this device or use another device, like a FIDO2 security key.

> 2. Authenticator app: Authenticate using a code generated by an app installed on your mobile device or computer.

> 3. Hardware TOTP Token: Authenticate using a code generated by hardware TOTP token or other hardware devices.

Perhaps this is a dumb question, but why can't we just use email for 2FA? (or maybe there is a way and we've just missed it?)

If email 2FA is not an option, which of the above 3 options would you recommend to minimise hassle?

(Option 1 looks simple but sounds like it's limited to individual devices? Option 2 - the idea of installing an app - irks us. With option 3 would we each need a hardware token?)

Any guidance would be appreciated. Thanks.