We recommend that you enable multi-factor authentication (MFA) for your Alibaba Cloud account.
Potential risks
By default, you use the username and password for your Alibaba Cloud account to log on to the console. If these credentials are leaked, an attacker can gain access and perform risky operations.
MFA is a security enhancement that adds an extra layer of protection in addition to your username and password. After you enable MFA for your Alibaba Cloud account, you must enter the username and password of your Alibaba Cloud account when you log on to the Alibaba Cloud Management Console. Then, you must enter the verification code that is generated by a virtual MFA device or pass the U2F authentication. The verification code becomes invalid within a short period of time. This way, the security of your Alibaba Cloud account is enhanced.
Risk level
Medium-level risks may occur.
Best practices
Enable MFA for the root account.
Governance suggestions
We recommend that you enable MFA for your Alibaba Cloud account. For more information, see Bind an MFA device to an Alibaba Cloud account.
Governance difficulty
The governance difficulty is low.