Enabling root user multi-factor authentication is great security practice. Some companies go as far as enabling physical MFA and locking it down in vault somewhere. nOps provide easy overview which one of your projects don’t have root MFA enabled. You can also receive real-time notifications when root logs in the console with our without MFA.

Root-user MFA Rule

To enable the rule, simply go to the “Available nOps Rules” tab in nOps Rules and click on the “Users without MFA Check” rule.

Root-user-MFA-Rule-v2

Root-user MFA Summary

Once enabled, the rule will appear on the “Applied nOps Rules” tab with a count of all projects and their root login that violates the rule.

Root-user-MFA-Summary-v2

Root-user MFA Detail

Clicking on the rule in the “Applied nOps Rules” tab, you will be able to see, in detail, the projects and their associated root logins that do not have MFA enabled.

Root-user-MFA-Detail-v2

Root-user MFA Alerts

Once enabled, you can configure your nOps account to receive email, Slack, and/or Hipchat alerts, alerting you to when the root logins do not have MFA enabled.

Root-user-MFA-Alerts-v2