DEV Community

Discussion on: Multi-Factor Authentication in the Cloud

Collapse
 
secure_it_all profile image
Secure It all

One note on MFA in the cloud is that it's not just for users to login - you can also mandate mfa auth for API operations

Collapse
 
alexpgmr profile image
Alex • Edited

How does MFA apply to API operations considering the "Something that you have" criteria?

Collapse
 
jamesajayi profile image
James Ajayi

In the context of API operations, the "something that you have", criteria of MFA would be how users are requested to possess a valid API key or token asides from their username and passcode.

Some cloud services providers like Amazon Web Services(AWS) offer MFA options that are integrated with their API services.

I hope this helps?

Thread Thread
 
alexpgmr profile image
Alex

Thanks for the reply! I meant using devices like hardware tokens or phones for MFA, in the context of performing API operations from scripts.

Collapse
 
jamesajayi profile image
James Ajayi • Edited

Oh, yes!
MFA could serve as a multi-layered approach for the security of API operations to avoid unauthorised access and data breaches.

Thanks for that brilliant point.