AWS Identity and Access Management
User Guide

Supported Configurations for Using U2F Security Keys

You can use U2F as a multi-factor authentication (MFA) method in AWS using currently supported configurations. These include U2F devices supported by AWS and browsers that support U2F.

U2F Devices Supported by AWS

AWS currently supports U2F-compliant security devices that plug into USB ports on your computer.

Note

If you are using security devices manufactured by Yubico, we recommend using the Yubico YubiKey 4 or 5. If you have an earlier version, we recommend that you check the security guidelines on the Yubico support site.

For information on purchasing a supported device, see Multi-Factor Authentication.

Browsers That Support U2F

The following browsers currently support the use of U2F security keys:

  • Google Chrome, version 38 and later.

  • Opera, version 40 and later.

  • Mozilla Firefox, version 57 and later.

    Note

    Most Firefox versions that currently support U2F do not enable support by default. For instructions on enabling U2F support in Firefox, see Troubleshooting U2F Security Keys.

Browser Plugins

AWS currently supports only browsers that natively support the U2F standard. AWS does not support using plugins to add U2F browser support. Also note that some browser plugins are incompatible with the U2F standard and can cause unexpected results with U2F security keys.

For information on disabling browser plugins and other troubleshooting tips, see I can't enable my U2F security key.

Mobile Environments

AWS does not currently support the use of U2F security keys with mobile browsers or non-USB U2F devices.

The AWS Console Mobile App does not currently support using U2F security keys for MFA.

AWS CLI and AWS API

AWS currently supports using U2F security keys only in the AWS Management Console. Using U2F security keys for MFA is not currently supported in the AWS CLI and AWS API, or for access to MFA-protected API operations.

Additional Resources