Hopefully, ‘Multi-Entrance’ MFA is Not Allowed There
I owe this article to ‘idenhaus’ Newsletter — “AWS Focuses on Identity Access Management at re:Inforce” https://www.darkreading.com/dr-tech/aws-focuses-on-identity-access-management-at-re-inforce
- Multi-Layer deployment; better security and poorer availability
- Multi-Entrance deployment: better availability and poorer security
This is what I examined in “MFA: Multi-Layer or Multi-Entrance?” https://www.linkedin.com/posts/hitoshikokumai_cisa-adopt-modern-auth-now-for-exchange-activity-6948873184221749249-2QOW
and “Where ‘2’ is Weaker than ‘1’” https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-ethics-activity-6950278500830310400-6gLj
Where security matters, MFA must be multi-layer. ‘MFA in multi-entrance deployment’ must not be allowed unless security is a lower priority.
I do wish that AWS is enforcing the multi-layer deployment on security-oriented users.
Digital identity blogs collected at https://www.linkedin.com/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/