Lost MFA Key & Recovering AWS Root Account


As a security measure, I had multi-factor authentication (MFA) enabled on my AWS root user account & I was using a secondary user account with admin privileges as my regular handle. The last time I had to reset my iPad to downgrade to a stable OS version, I also lost my AWS TOTP signature key, which I only realized days later when I tried to sign in to my AWS account.

I was using LastPass Authenticator to generate TOTP codes, and it actually had my AWS signature key saved in it. I had no clue the Authenticator saves the authentication key only locally. They sell cloud backup as a feature of the paid tier. I was locked out of my AWS root account, well, almost.

Actually there is an option to recover the root account in case a user loses their MFA device, but when I tried I was out of luck. The option to get the verification email was broken. It has been more than a week now; I re-attempted a while back & the option was fixed.


That got me some real peace of mind after a while, even though my secondary user account was equipped with admin rights. But who knows when access to the root account could've been really important, like updating billing details. Dangit xD.

I am enabling MFA again, but this time I will either look into a cloud-based authenticator or make a backup of the TOTP key with AES encryption over iCloud.

So that is all for this post. Hope you learned something from my mistake.
