You can enable YubiKey as MFA for your IAM users using the IAM console and for your root users using the Security Credentials page. When you enable YubiKey as MFA, AWS prompts you for your username and password (the first factor – what you know) and also provides an authentication challenge to your YubiKey (the second factor – what you have) when you sign in to the AWS Management Console. You can successfully complete the authentication challenge by simply touching the button or gold disk on your YubiKey. For more information on how to enable and sign in using YubiKey, please read Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication.