1
00:00:00,670 --> 00:00:02,660
So we are going to first set up

2
00:00:02,660 --> 00:00:04,420
a password policy for our account.

3
00:00:04,420 --> 00:00:06,400
So on account settings, on the left hand side,

4
00:00:06,400 --> 00:00:08,780
we click on change password policy

5
00:00:08,780 --> 00:00:10,410
and here we can enforce a password policy.

6
00:00:10,410 --> 00:00:11,243
For example,

7
00:00:11,243 --> 00:00:12,750
the password minimum length,

8
00:00:12,750 --> 00:00:14,370
we can require one uppercase,

9
00:00:14,370 --> 00:00:15,840
one lowercase, one number,

10
00:00:15,840 --> 00:00:18,740
you can customize your password policy as you wish

11
00:00:18,740 --> 00:00:21,010
and then click on save changes.

12
00:00:21,010 --> 00:00:24,770
This password policy enhances the security of your accounts.

13
00:00:24,770 --> 00:00:27,150
The second thing we need to do is to set up

14
00:00:27,150 --> 00:00:29,160
MFA for our root accounts.

15
00:00:29,160 --> 00:00:31,970
So the root account is again, very important to protect

16
00:00:31,970 --> 00:00:34,350
because it has full power of your accounts.

17
00:00:34,350 --> 00:00:35,490
And so, as a note,

18
00:00:35,490 --> 00:00:38,100
this is something I'm going to do in front of you for demo.

19
00:00:38,100 --> 00:00:39,370
You don't have to do it.

20
00:00:39,370 --> 00:00:40,203
And if you do it

21
00:00:40,203 --> 00:00:42,270
then you have higher security on your accounts.

22
00:00:42,270 --> 00:00:44,020
But if you lose your MFA token

23
00:00:44,020 --> 00:00:45,590
then you will be locked out of your account.

24
00:00:45,590 --> 00:00:47,990
So again, you can just see what I'm doing

25
00:00:47,990 --> 00:00:49,970
and not follow the hands on, if you want.

26
00:00:49,970 --> 00:00:52,510
And so we can click on the account name

27
00:00:52,510 --> 00:00:53,590
on the right hand side,

28
00:00:53,590 --> 00:00:56,520
top right and click on my security credentials.
29
00:00:56,520 --> 00:00:58,540
This takes us to this page where we can click

30
00:00:58,540 --> 00:01:00,500
on the multi-factor authentication

31
00:01:00,500 --> 00:01:03,850
and we're going to activate MFA to protect our accounts.

32
00:01:03,850 --> 00:01:04,790
So we have three options,

33
00:01:04,790 --> 00:01:08,970
we have virtual MFA, U2F security key

34
00:01:08,970 --> 00:01:11,010
or other hardware MFA device.

35
00:01:11,010 --> 00:01:12,120
Because we want to use our phone,

36
00:01:12,120 --> 00:01:15,690
we're going to use a virtual MFA device.

37
00:01:15,690 --> 00:01:18,990
Here we have a list of compatible applications we can use

38
00:01:18,990 --> 00:01:20,289
to set up MFA.

39
00:01:20,289 --> 00:01:22,190
And so on this web page you can have a look,

40
00:01:22,190 --> 00:01:25,400
but by scrolling down for the virtual MFA applications

41
00:01:25,400 --> 00:01:28,850
for Android and iPhone we can use all of these in this list.

42
00:01:28,850 --> 00:01:31,370
My personal favorite is to use Authy

43
00:01:31,370 --> 00:01:34,270
so there's Authy for Android and Authy for iPhone

44
00:01:34,270 --> 00:01:36,770
and it is a free application that I really like.

45
00:01:36,770 --> 00:01:38,350
So let me show you how this works.

46
00:01:38,350 --> 00:01:42,333
So we are in here and I'm going to show the QR code.

47
00:01:43,170 --> 00:01:46,250
Next, I'm going to start Authy on my phone.

48
00:01:46,250 --> 00:01:48,500
So Authy is started on my phone

49
00:01:48,500 --> 00:01:51,120
and I'm going to go and add an account,

50
00:01:51,120 --> 00:01:52,560
scan a QR code

51
00:01:53,690 --> 00:01:56,010
and I will scan the QR code right here.

52
00:01:56,010 --> 00:01:57,330
It's adding the accounts

53
00:01:57,330 --> 00:01:59,350
so you need to make sure that you're happy

54
00:01:59,350 --> 00:02:01,790
with the logo, as well as the account nickname.

55
00:02:01,790 --> 00:02:03,780
So everything looks good to me.
56
00:02:03,780 --> 00:02:06,150
I will click on save and here I get a code.

57
00:02:06,150 --> 00:02:09,110
So the first MFA code I have to enter in this box

58
00:02:09,110 --> 00:02:12,680
so nine, eight, two, two, three, five

59
00:02:12,680 --> 00:02:15,480
and then I have to wait an extra 15 seconds

60
00:02:15,480 --> 00:02:17,623
for the new code to appear.

61
00:02:19,200 --> 00:02:24,120
And my next code is one, eight, five, six, one, two.

62
00:02:24,120 --> 00:02:24,980
So they're linked.

63
00:02:24,980 --> 00:02:29,480
I assign the MFA and it is successfully assigned the MFA.

64
00:02:29,480 --> 00:02:33,390
So we'll be prompted to use an MFA next time that we log in

65
00:02:33,390 --> 00:02:35,020
into our accounts.

66
00:02:35,020 --> 00:02:36,940
So to do so, what I'm going to do

67
00:02:36,940 --> 00:02:41,740
is that I'm going to log out of my AWS accounts, right here

68
00:02:41,740 --> 00:02:44,240
and I'm going to sign in the console again.

69
00:02:44,240 --> 00:02:47,423
I will use my root user and I will enter my email.

70
00:02:48,930 --> 00:02:51,470
And then I will enter the MFA token

71
00:02:51,470 --> 00:02:52,520
I am getting from the device

72
00:02:52,520 --> 00:02:55,050
so two, five, zero, nine, five, five,

73
00:02:55,050 --> 00:02:56,550
click on submit.

74
00:02:56,550 --> 00:02:57,390
And here I go,

75
00:02:57,390 --> 00:03:00,960
I am connected into my management console using MFA.

76
00:03:00,960 --> 00:03:03,740
So that's it, MFA is set up for my root accounts.

77
00:03:03,740 --> 00:03:04,573
Once you do so,

78
00:03:04,573 --> 00:03:08,430
please make sure not to lose your phone or your MFA device

79
00:03:08,430 --> 00:03:10,233
because then you will be locked out of your account.

80
00:03:10,233 --> 00:03:13,940
So that is something very important not to lose.

81
00:03:13,940 --> 00:03:15,320
And I hope you like this lecture.

82
00:03:15,320 --> 00:03:17,070
I will see you in the next lecture.