Amazon IAM FAQs

A virtual MFA device is an entry created in a TOTP -compatible software app that can generate six-digit authentication codes. The software app can run on any compatible computing device, such as a smartphone.

You can configure a new virtual MFA device in the IAM console for your IAM users. You will find the MFA configuration workflow on the Security Credentials page in the IAM console . For more information about how to provision a virtual MFA device, see Enabling a Virtual Multi-factor Authentication (MFA) Device .

A QR code is a two-dimensional barcode that is readable by dedicated QR barcode readers and most smartphones. The code consists of black squares arranged in larger square patterns on a white background. The QR code contains the required security configuration information to provision a virtual MFA device in your virtual MFA app.

You should treat seed material like any other secret (for example, Amazon Web Services secret keys and passwords).

Grant the IAM user the permission to call the CreateVirtualMFADevice API. You can use this API to provision new virtual MFA devices.