Amazon Web Services will give free USB security keys to some employees of U.S.-based customers

Key Points
  • Amazon will allow a limited set of customers to request free USB security keys.
  • A person working at one key provider said he thought privately held Yubico makes the keys.

In this article

Amazon CEO Andy Jassy
David Paul Morris | Bloomberg | Getty Images

Amazon's Web Services cloud unit will offer some customers free USB keys to help them securely log in to their accounts starting in October, following Amazon CEO Andy Jassy's participation in a White House cybersecurity summit on Wednesday.

The initiative demonstrates the increasing amount of corporate trust in physical hardware designed to prevent attempts to fraudulently access accounts. Such events can have financial consequences, such as enabling ransomware attacks that seek to extort money from organizations.

Many major online services, including Airbnb and Netflix, rely on AWS computing and data-storage infrastructure delivered from data centers distributed around the world, and if attackers were to get access, the availability of those services could be at risk.

AWS wants to make such incidents less likely.

A White House fact sheet released Wednesday said Amazon "announced it will make available to all Amazon Web Services account holders at no additional cost a multi-factor authentication device." But just because people have AWS accounts doesn't mean they will all automatically receive free keys, which ordinarily cost $25 or more.

Customers will be able to request the USB keys on Amazon's website starting in October, an Amazon spokesperson told CNBC on Thursday. The keys will be available to root account owners for U.S.-based customers that spend over $100 each month. but people with individual Identity and Access Management, or IAM, accounts are not eligible. A single AWS account can have 1,000 or more IAM users.

In the case of AWS, an account holder can plug a key into a PC's USB port and touch the key after typing in an email address and password to open the AWS Management Console. AWS supports keys from Thales-owned Gemalto and privately held SurePassID and Yubico.

Kevin Raineri, vice president of business development at SurePassID, said the company isn't involved with the Amazon deal. He said he would guess that it was Yubico. The AWS spokesperson declined to specify which companies will produce the keys, and Yubico declined to comment. A Gemalto spokesperson didn't respond to a request for comment.

People will be able to use the AWS-issued keys to log in to other online services, including Dropbox, Google's Gmail and Microsoft's GitHub, Amazon said in a statement.

For years Apple, Facebook, Google and Microsoft, as well as AWS, have allowed people to buy USB security keys and add them to accounts as an additional means to confirm their identities.

In U.S politics, cybersecurity has become a higher priority as well. Campaign workers became reliant on security keys during the 2020 presidential election, and in May President Joe Biden signed an executive order mandating that U.S. government agencies enable multi-factor authentication.

WATCH: Here's what CEOs are promising to do to help with U.S. cybersecurity

Here's what CEOs are promising to do to help with U.S. cybersecurity
Here's what CEOs are promising to do to help with U.S. cybersecurity