Update security challenge questions - AWS Account Management

Update security challenge questions

Security challenge questions are a verification method used previously to verify an identity in account recovery scenarios. They are less secure than more modern forms of verification, such as multi-factor authentication (MFA). If you currently have security challenge questions active on your AWS account, AWS Support can use these to help authenticate you as the owner of the account.

Important

Starting January 5, 2024, AWS will no longer support security challenge questions for accounts that have not already enabled and used them. This will remove the option to add new security challenge questions from the Accounts page in the AWS Management Console. If you have already set security challenge questions or have already set them on the management account in your AWS Organization, you can continue to use them. After January 6, 2025, AWS will no longer support security challenge questions for all remaining customers. We encourage you to add MFA instead. For more information, see AWS Accounts discontinues the use of security challenge questions.

To edit existing security challenge questions and provide the answers, perform the steps in the following procedure.

AWS Management Console
To edit security challenge questions for your AWS account
Minimum permissions

To perform the following steps, you must have at least the following IAM permissions:

  • account:GetChallengeQuestions (to see the security challenge questions)

  • account:PutChallangeQuestions (to set or update the security challenge questions)

  1. Sign in to the AWS Management Console as either the AWS account root user or as an IAM user or role that has the minimum permissions.

  2. Choose your account name on the top right of the window, and then choose Account.

  3. Scroll down to the section Security challenge questions and choose Edit.

    Note

    If you don't see the Edit option, it is likely that you are not signed in as the root user for your account or as someone who has the minimum permissions specified above.

  4. Change the values in any of the available fields. You can select any of the provided questions, and then enter the appropriate answer.

  5. After you complete your changes, choose Update.

AWS CLI & SDKs

This task isn't supported in the AWS CLI or by an API operation from one of the AWS SDKs. You can perform this task only by using the AWS Management Console.