Description

The root account is the highest privileged user in the cloud account. Multi-Factor Authentication (MFA) adds another mechanism of authentication on top of a username and password. It makes it harder for an attacker to gain access to protected resources. Therefore, MFA should be enabled for the root user. It was detected that the root user does not have MFA enabled.

• 

  Recommended Mitigation

  It is recommended to enable Multi-Factor Authentication (MFA) for the root user. For information about MFA configuration, see: https://www.alibabacloud.com/help/en/resource-access-management/latest/what-is-multi-factor-authentication