Amazon's cloud gets multi-factor authentication

Users of Amazon Web Services are being offered authentication devices, similar to those used by many online banking customers, for secure access to their cloud services accounts.

The AWS Multi-Factor Authentication (AWS MFA) security system was announced on Monday on the Amazon Web Services Blog. The system uses a device roughly the size of a USB memory stick to generate a single-use, six-digit code which can be used as an extra layer of security after the entry of the user's email address and password.

One token generator is currently on offer — the Ezio, from security company Gemalto — but Amazon says a variety of companies will provide the devices.

In the blog post, the AWS team said the device should be "especially attractive" to the service's enterprise customers.

"The devices are small, lightweight, and long-lasting," the team wrote. "Fraudulent usage becomes much more difficult because a successful login combines something you know (your email address and password) with something you have (the authentication device)."

The single-use passwords are generated according to a reference architecture provided by the Initiative for Open Authentication (OATH), an industry body for authentication open standards. Only one device can be used for accessing each AWS account.

Gemalto's Ezio device is currently only available to US customers. Requests to Amazon for a time scale for UK customers being able to use MFA on their AWS accounts received no reply at the time of writing.