Supported configurations for using U2F security keys - AWS Identity and Access Management

Supported configurations for using U2F security keys

You can use U2F as a multi-factor authentication (MFA) method in AWS using currently supported configurations. These include U2F devices supported by AWS and browsers that support U2F.

U2F devices supported by AWS

AWS currently supports U2F-compliant security devices that plug into USB ports on your computer.


AWS requires access to the physical USB port on your computer to verify your U2F device. U2F MFA will not work with a virtual machine, a remote connection, or a browser's incognito mode.

For information on purchasing a supported device, see Multi-Factor Authentication.

Browsers that support U2F

The following browsers currently support the use of U2F security keys:

  • Google Chrome, version 38 and later.

  • Opera, version 40 and later.

  • Mozilla Firefox, version 57 and later.


    Most Firefox versions that currently support U2F do not enable support by default. For instructions on enabling U2F support in Firefox, see Troubleshooting U2F security keys.

Browser plugins

AWS currently supports only browsers that natively support the U2F standard. AWS does not support using plugins to add U2F browser support. Also note that some browser plugins are incompatible with the U2F standard and can cause unexpected results with U2F security keys.

For information on disabling browser plugins and other troubleshooting tips, see I can't enable my U2F security key.

Mobile environments

AWS does not currently support the use of U2F security keys with mobile browsers or non-USB U2F devices.

The AWS Console Mobile App does not currently support using U2F security keys for MFA.


AWS currently supports using U2F security keys only in the AWS Management Console. Using U2F security keys for MFA is not currently supported in the AWS CLI and AWS API, or for access to MFA-protected API operations.

Additional resources