# Activate MFA for your root user
<a name="getting-started-step3"></a>

We strongly recommend that you activate MFA for your root user. MFA dramatically lowers the risk of someone accessing your account without your authorization.

1.  Sign in to the [Amazon Web Services Management Console](https://console.amazonaws.cn/) as the account owner by choosing **Root user** and entering your Amazon Web Services account email address. On the next page, enter your password.

   For help signing in using your root user, see [Sign in to the Amazon Web Services Management Console as the root user](https://docs.amazonaws.cn/signin/latest/userguide/introduction-to-root-user-sign-in-tutorial.html) in the *Amazon Sign-In User Guide*.

1. Turn on MFA for your root user.

   For instructions, see [Enable a virtual MFA device for your Amazon Web Services account root user (console)](https://docs.amazonaws.cn/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root) in the *IAM User Guide*.