by michaf 3263 days ago
I was locked out of my AWS account for about 2 years due to losing my 2FA authenticator on my phone. But I had no open bills and didn't really care about it, so I did not try to gain back access.

Until last week, when I decided that I need to use the account again. I simply clicked the recovery link on their 2FA login form. I had to enter my account details and my phone number. Within 15 minutes (as stated on the website) a member of their service team called me. I explained the situation (lost 2FA app). Not a problem, the service agent told me. He then sent me an e-mail (to my AWS-associated mail address) with some random characters, which I had to read back to him. After that he simply removed 2FA, and I was able to log in with my username/password. For me the experience was quite pleasant, but had someone else had access to my e-mail account and known my AWS username/password, he might have been able to take over my account, bypassing 2FA. I don't quite know how to feel about that.

EDIT: Ok, this probably only works if your phone number is also already associated with your account. So an attacker additionally would need access to my phone number, making things quite a bit more secure in my view.

2 comments

Could the number be spoofed?
Unfortunately, yes - by going through the customer services of most mobile phone companies.
As of late, transferring phone numbers against the owner's will is a thing.