I use Amazon's AWS extensively; their two-factor authentication is pretty great. Recently I had the pleasure of resetting an Amazon Web Services IAM user account after losing my virtual MFA device. Thanks to a botched iOS 6 update, I lost everything on my phone, including all of my Google Authenticator profiles. That meant I had no way to log in to any of my protected accounts, including AWS. Yikes!
Amazon's MFA FAQ addresses this scenario, but doesn't say what is involved in the reset process. Here's what I was asked to do when I contacted Amazon support:
- Identify myself by name and email address.
- Provide the address on the AWS account, with absolute precision. There was a bit of back and forth until I refined my answer to include the type of street (e.g. "Avenue").
- Provide the last 4 digits of the credit card associated with the account.
- Provide the exact amount of a previous AWS bill.
- The agent then emailed me a PIN and asked me to hang up.
- The agent then called back at a phone number associated with the account, and asked me to recite the emailed PIN.
I hope this helps someone else in a similar situation.