How to Secure Your AWS Account Using a Hardware security key [YubiKey]

I have set up Single Sign-On (SSO) for my personal AWS account, which is great because it allows me to effortlessly switch between AWS accounts while doing podcasts, live demos, or learning. I recently purchased a YubiKey from https://www.yubico.com/ to secure my personal AWS Account. You might be wondering why it's necessary to secure your AWS Account. It's important to keep your account secure regardless of whether you're using it for learning or production purposes.

AWS provides several options for setting up a MFA device. In this article, I will demonstrate how to easily configure Yubikey for SSO user log in in AWS.

• Authenticator App
  • Google Authenticator, Authy, or other similar apps for two-factor authentication.

Please ensure that you have already enabled this feature.

• Built-in authenticator

  • For example, Apple Touch ID, Windows Hello, or similar technology.

• Security Key

  • Using a hardware security key, such as YubiKey, for authentication purposes. I am writing about this topic today.
  • If you'd like to learn more about WebAuthn and FIDO2, I recommend checking out this article: https://aws.amazon.com/blogs/aws/multi-factor-authentication-with-webauthn-for-aws-sso/

This is what I bought from https://www.yubico.com/nz/product/yubikey-bio-series/yubikey-c-bio/

Let's get started

• Log in to AWS SSO

• Click the MFA Devices and click Register device

• Select Security key and click Next

• Insert the YubiKey into the USB port and touch the fingerprint reader (If you are using the same version), I bought a USB C Bio version. Allow the site to access the Key.

• Enter the PIN "When setting up your YubiKey for the first time, you must create a secure PIN"

• Touch the key again to complete the setup

• Yay!! The security key has been registered successfully.

• I can see that a new security key has been added to the MFA devices.

Let's log in back to the AWS SSO

• After you enter your username and password, it will display a prompt that looks like this.

• Plug the key and touch the fingerprint sensor

Conclusion

WebAuthn is a highly secure authentication method. By using a hardware security key, you can make log in to and securing your AWS account much easier. In this article, I have demonstrated how to secure your AWS SSO log in using hardware security key (YubiKey). However, you can also use a hardware security key to secure your IAM access.