...
1. Enable multifactor authentication (MFA) for your root AWS account. Use a physical MFA device and lock it away once enabled and tested. In many cases, the Cloud Team has enabled MFA for the root account and has escrowed the root account password and multifactor hardware key.
- Logging in to AWS using your root account should now be an exceptional situation, not a daily occurrence.
- Enabling MFA: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html
- What if the MFA Device is Lost or Stops Working? http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html
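One way to check both points above (root MFA is on, and root sign-ins are rare) is to audit the IAM credential report, which `aws iam generate-credential-report` and `aws iam get-credential-report` produce as CSV. This is an added example, not part of the original guidance; the function name `audit_root`, the 90-day threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the credential report's CSV layout (columns trimmed).
SAMPLE_REPORT = """user,arn,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2024-05-01T09:12:44+00:00,false
alice,arn:aws:iam::111122223333:user/alice,2024-05-20T08:00:00+00:00,true
"""


def audit_root(report_csv, now, recent_days=90):
    """Return findings for the <root_account> row of a credential report.

    recent_days is an assumed threshold for "exceptional" root sign-in.
    """
    rows = [r for r in csv.DictReader(io.StringIO(report_csv))
            if r.get("user") == "<root_account>"]
    if not rows:
        return ["no <root_account> row in report"]
    root, findings = rows[0], []

    if (root.get("mfa_active") or "").strip().lower() != "true":
        findings.append("root MFA is not enabled")

    # The field holds a timestamp, or a marker such as "no_information"
    # when no sign-in is recorded; markers are treated as "never used".
    try:
        when = datetime.fromisoformat((root.get("password_last_used") or "").strip())
    except ValueError:
        when = None
    if when is not None:
        if when.tzinfo is None:  # treat a naive timestamp as UTC
            when = when.replace(tzinfo=timezone.utc)
        age = now - when
        if age < timedelta(days=recent_days):
            findings.append(f"root password used {age.days} days ago")
    return findings


if __name__ == "__main__":
    for finding in audit_root(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

An empty result means the root row shows MFA active and no sign-in inside the window.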
...