The White House released a fact sheet following the meeting, listing the announcements by the companies who were present in the meeting, including Amazon. It said AWS will offer “a multi-factor authentication (MFA) device to protect against cybersecurity threats like phishing and password theft.”
MFA or even 2FA is no-longer touted as an additional add-on, but rather security professionals believe that it should be a mandatory access control mechanism that’ll add a much-needed extra layer of protection in addition to passwords.
Under lock and key
While the fact sheet mentioned the keys will be offered for free, CNBC reports the giveaway comes with certain conditions.
An Amazon spokesperson told CNBC that root account owners of AWS’ US-based customers, who consume cloud services of over $100/month, will be able to request the USB security keys starting in October.
However, users who already subscribe to Identity and Access Management (IAM) services are not eligible for receiving the keys.
AWS supports keys from three vendors including Gemalto, SurePassID, and Yubico. While the Amazon spokesperson declined to name the vendor that will produce the keys for the giveaway, SurePassID was the only one that confirmed to CNBC that it hasn’t been approached by AWS for the program.