AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-04-03 · Documentation low

File: IAM/latest/UserGuide/id_credentials_mfa.md

Summary

Updated documentation for MFA requirements: 1) Added 'AWS' qualifier to Organizations reference 2) Removed hyphen from SMS MFA section header 3) Changed 'root or IAM MFA device' to 'root user or IAM MFA device' 4) Minor wording improvements in resource section

Security assessment

Changes are clarifications and terminology updates rather than addressing specific security vulnerabilities. The SMS MFA deprecation notice was already present, only formatting changed.

Diff

diff --git a/IAM/latest/UserGuide/id_credentials_mfa.md b/IAM/latest/UserGuide/id_credentials_mfa.md
index 14863ccf8..1271c3264 100644
--- a//IAM/latest/UserGuide/id_credentials_mfa.md
+++ b//IAM/latest/UserGuide/id_credentials_mfa.md
@@ -11 +11 @@ For increased security, we recommend that you configure multi-factor authenticat
-While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in. For example, AWS requires that you register MFA for the root user of your organization's management account within the first 35 days of signing in. For more information, see [Secure your Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations). 
+While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in. For example, AWS requires that you register MFA for the root user of your organization's management account within the first 35 days of signing in. For more information, see [Secure your AWS Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations). 
@@ -97 +97 @@ For instructions on setting up a hardware TOTP token for an IAM user, see [Assig
-**SMS text message-based MFA** – AWS ended support for enabling SMS multi-factor authentication (MFA). We recommend that customers who have IAM users that use SMS text message-based MFA switch to one of the following alternative methods: [Passkey or security key](./id_credentials_mfa_enable_fido.html), [virtual (software-based) MFA device](./id_credentials_mfa_enable_virtual.html), or [hardware MFA device](./id_credentials_mfa_enable_physical.html). You can identify the users in your account with an assigned SMS MFA device. In the IAM console, choose **Users** from the navigation pane, and look for users with **SMS** in the **MFA** column of the table.
+**SMS text message-based MFA** AWS ended support for enabling SMS multi-factor authentication (MFA). We recommend that customers who have IAM users that use SMS text message-based MFA switch to one of the following alternative methods: [Passkey or security key](./id_credentials_mfa_enable_fido.html), [virtual (software-based) MFA device](./id_credentials_mfa_enable_virtual.html), or [hardware MFA device](./id_credentials_mfa_enable_physical.html). You can identify the users in your account with an assigned SMS MFA device. In the IAM console, choose **Users** from the navigation pane, and look for users with **SMS** in the **MFA** column of the table.
@@ -122 +122 @@ To help secure your AWS identities, follow these recommendations for MFA authent
-  * You cannot use the same name for more than one root or IAM MFA device.
+  * You cannot use the same name for more than one root user or IAM MFA device.
@@ -129 +129 @@ To help secure your AWS identities, follow these recommendations for MFA authent
-The following resources can help you learn more about IAM MFA.
+The following resources can help you learn more about MFA.
@@ -133 +133 @@ The following resources can help you learn more about IAM MFA.
-  * You can leverage IAM Identity Center to enable secure MFA access to the AWS access portal, IAM Identity Center integrated apps, and the AWS CLI. For more information, see [Enable MFA in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/mfa-getting-started.html).
+  * You can leverage IAM Identity Center to enable secure MFA access to your AWS access portal, IAM Identity Center integrated apps, and the AWS CLI. For more information, see [Enable MFA in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/mfa-getting-started.html).