Free AI web copilot to create summaries, insights and extended knowledge, download it at here

Abstract

required (true) in a CloudFormation template for the LoginProfile then you can’t force password changes only if MFA is present.<figure id="4d8b"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*IOhRxdcNAT1sFbZsnSofEg.png"><figcaption></figcaption></figure>That’s because the initial password change will not have MFA enabled and the user won’t be able to change their password on first login.<figure id="b012"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*Ld6rpAYAA3d-jQ0u-T3YkQ.png"><figcaption></figcaption></figure>If there’s a workaround for this I haven’t run across it.Perhaps this screen needs to allow resetting the password and adding MFA at the same time.Follow for updates.Teri Radichel | © <a href="https://2ndsightlab.com/?source=post_page---------------------------">2nd Sight Lab</a> 2023<div id="8b5f"><pre>About Teri Radichel:

⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications:
# Options
 SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab</pre></div><div id="caae"><pre><span class="hljs-section">Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation</pre></div><div id="5a42"><pre>Follow <span class="hljs-keyword">for</span> more stories like <span class="hljs-keyword">this</span>:

❤️ Sign Up my Medium Email List ❤️ Twitter: @teriradichel ❤️ LinkedIn: https://www.linkedin.com/in/teriradichel ❤️ Mastodon: @teriradichel@infosec.exchange ❤️ Facebook: 2nd Sight Lab ❤️ YouTube: @2ndsightlab</pre></div><figure id="7286"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*4oxP4LXk8l8c3mpRvO7ejg.png"><figcaption></figcaption></figure></article></body>

Need a Way to Not Require MFA for First Password Reset

Can’t require MFA for ChangePassword in policies because the initial password reset requires MFA and that won’t work

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: Bugs | AWS Security | Secure Code

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I was just grappling with this issue.

If you set password reset required (true) in a CloudFormation template for the LoginProfile then you can’t force password changes only if MFA is present.

That’s because the initial password change will not have MFA enabled and the user won’t be able to change their password on first login.

If there’s a workaround for this I haven’t run across it.

Perhaps this screen needs to allow resetting the password and adding MFA at the same time.

Follow for updates.

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab