AWS Single Sign-on (AWS SSO) now enables you to increase security by enabling multi-factor authentication (MFA) with authenticator applications, such as Authy and Google Authenticator that generate time-based one-time passcodes (TOTP). You can now configure AWS SSO to require users to enter an authenticator-generated TOTP code in addition to their password. MFA improves security by requiring people to know something (their password) and have something (their authenticator) before they can sign in.

from Recent Announcements