I'm using multi-factor authentication (MFA) to log into the Amazon AWS console. I'm using Google Authenticator on my Android phone to generate the one-time tokens.
Other services sometimes provide one-time backup codes in case the token device is lost or damaged. Is there a way I can save some one-time backup codes for AWS MFA?
Best Answer
You can create a redundant code before your device is lost for any reason.
Deactivate MFA, then configure and enable a virtual MFA device for use. Make a secure backup of the secret configuration key or QR code.
For example, if you lose the smartphone where the virtual MFA app is configured:
Google Authenticator → Set up account → Enter provided key
Account name: (root-account-mfa-device@xxxxxxxxxxx)
Enter your key: (secret configuration key)
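As an added example (not part of the original answer), the sketch below checks that a saved secret configuration key really reproduces the codes shown on the phone, so the backup is known to work before the phone is lost. It assumes the standard RFC 6238 TOTP parameters that Google Authenticator uses (HMAC-SHA1, 6 digits, 30-second step); the function names are hypothetical and the key is the RFC 6238 test key, not a real secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def normalize_key(key: str) -> bytes:
    """Decode a base32 key as typed by hand: spaces, lower case, no padding."""
    cleaned = key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # base32 needs a multiple of 8 chars
    return base64.b32decode(cleaned)


def totp(key: str, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(normalize_key(key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def backup_matches(key: str, code_on_phone: str, at: Optional[float] = None,
                   step: int = 30, window: int = 1) -> bool:
    """True if the saved key yields the phone's code within +/- window steps."""
    now = time.time() if at is None else at
    shown = code_on_phone.strip()
    return any(
        hmac.compare_digest(totp(key, now + i * step, step), shown)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Constructed sample: base32 of the RFC 6238 test secret "12345678901234567890".
    saved_key = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print("code now:", totp(saved_key))
    print("matches code at t=59:", backup_matches(saved_key, "287082", at=59))
```

Because the key alone is enough to generate valid codes, the backup copy needs the same protection as the MFA device itself, for example an encrypted password manager entry or an offline printout in a safe.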