IAM Root User has Hardware MFA Disabled

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

The root user account does not have a hardware multi-factor authentication (MFA) device attached. A hardware MFA device is a dedicated physical object that provides a security token. Hardware MFA devices have fewer potential points of vulnerability than virtual MFA devices (e.g. smartphone, web browser app) and ensures your root user account is more secure. A hardware MFA devices should be attached to your root user.