Are there benefits to using hardware security tokens for AWS Account access?
I’ve got access to numerous AWS accounts and typically use my phone as the MFA (Multi-Factor Authentication) device. That is a handy, secure, and cost-effective solution.
There is a specific case in which I do recommend using a hardware security token as the secondary MFA. I use it to protect access to the Root User of the AWS Management Account.
Let’s break this down:
✅ The Root User has unlimited permissions, can create and destroy any AWS infrastructure, and can manage other users in that account.