Enabling multi-factor authentication (MFA) for privileged accounts enhances security by requiring users to provide additional verification beyond just a password. This verification can be something you know (e.g. SMS code), something you have (e.g. access token), or something you are (e.g. fingerprint). This reduces the risk of unauthorized access even if passwords are compromised. Storing access keys in plaintext, even in encrypted volumes, is not secure because the credentials are exposed if the volume content is exposed. Implementing protection against DDoS attacks helps with availability but does not prevent unauthorized access to accounts. Activating logging of API calls helps with auditing and monitoring but does not prevent unauthorized access.