AWS will require multi-factor authentication (MFA) for all privileged accounts starting in 2024. Customers signing into the AWS Management Console with the root user of an AWS Organizations management account will be required to use MFA. The program will be expanded to additional scenarios throughout 2024. AWS encourages customers to adopt MFA, particularly phishing-resistant forms such as security keys. MFA is crucial in mitigating the risks of phishing attacks. Valid credentials were the top initial access vector for cloud compromise in real-world incidents.

https://www.infosecurity-magazine.com/news/aws-multifactor-authentication-2024/