Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
burntsushi
7y ago
0 comments
Save
Share
AWS at least lets you sign in using alternative methods if you get locked out:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credenti...
0 comments
3 comments · 1 top-level
top
newest
oldest
stingraycharles
7y ago
· 2 in thread
Which in itself is a problem: it means the MFA device is not required, if only they have access to my email + phone.
burntsushi
OP
7y ago
Sure, I know. Just pointing out that, at least for AWS, you do not need recovery codes or a second device for MFA. For me personally, phone+email is good enough for my threat model.
mschout
7y ago
Yes, AWS MFA is very poorly implemented.
j
/
k
navigate · click thread line to collapse
