Notification of Changes to Default Settings for Multi-Factor Authentication (MFA) Configurations in Resource Access Management
May 24, 2024
Resource Access Management
Effective from: 14:00, July 15, 2024, UTC+8
Description: Multi-factor authentication (MFA) effectively prevents unauthorized access caused by password leaks. To enhance the security of your resources and data, Alibaba Cloud Resource Access Management (RAM) introduces the following default setting changes which will be effective from 14:00, July 15, 2024:
1. The default value of MFA for RAM User Logons in RAM User Security Settings is changed for users who use RAM for the first time.
○ MFA for RAM User Logons in RAM User Security Settings will default to Enable for All Users. OpenAPI: MFAOperationForLogin of the SetSecurityPreference operation will default to mandatory. This means that RAM users are required to pass an MFA every time they log on.
○ By default, mobile phones and email addresses will be selected as means of MFA in RAM User Security Settings. OpenAPI: VerificationTypes of the SetSecurityPreference operation will default to ["sms","email"].
2. If you change the value of MFA for RAM User Logons in RAM User Security Settings to Required Only for Unusual Logon, the Whether to Enable MFA Upon Unusual Logon parameter will default to Must Bind MFA Device.
3. When you create a RAM user that can be used to log on to the console, Enable MFA in the Logon Settings of the user will default to Required. OpenAPI: MFABindRequired of the CreateLoginProfile and UpdateLoginProfile operations will default to true. This means that the RAM user must bind an MFA device and must pass an MFA each time the user logs on.
Administrators with the required permissions can modify the preceding configurations. However, we recommend that you fully consider security risks when you make the modifications. If you have any questions or need further assistance, you can reach out to our technical support at any time by submitting a ticket or calling our hotline.
Thank you for your understanding and trust.
Description: Multi-factor authentication (MFA) effectively prevents unauthorized access caused by password leaks. To enhance the security of your resources and data, Alibaba Cloud Resource Access Management (RAM) introduces the following default setting changes which will be effective from 14:00, July 15, 2024:
1. The default value of MFA for RAM User Logons in RAM User Security Settings is changed for users who use RAM for the first time.
○ MFA for RAM User Logons in RAM User Security Settings will default to Enable for All Users. OpenAPI: MFAOperationForLogin of the SetSecurityPreference operation will default to mandatory. This means that RAM users are required to pass an MFA every time they log on.
○ By default, mobile phones and email addresses will be selected as means of MFA in RAM User Security Settings. OpenAPI: VerificationTypes of the SetSecurityPreference operation will default to ["sms","email"].
2. If you change the value of MFA for RAM User Logons in RAM User Security Settings to Required Only for Unusual Logon, the Whether to Enable MFA Upon Unusual Logon parameter will default to Must Bind MFA Device.
3. When you create a RAM user that can be used to log on to the console, Enable MFA in the Logon Settings of the user will default to Required. OpenAPI: MFABindRequired of the CreateLoginProfile and UpdateLoginProfile operations will default to true. This means that the RAM user must bind an MFA device and must pass an MFA each time the user logs on.
Administrators with the required permissions can modify the preceding configurations. However, we recommend that you fully consider security risks when you make the modifications. If you have any questions or need further assistance, you can reach out to our technical support at any time by submitting a ticket or calling our hotline.
Thank you for your understanding and trust.
