Secure by Design: AWS to enhance MFA requirements in 2024

I looked at &#x27;up to 8 devices&#x2F;methods&#x27; in the AWS MFA page and wondered: is 8 2 or 4 or even 6 over the edge for how many discrete points of failure I have just introduced into my security regime?<p>It&#x27;s a tension. One: I can lose that second factor and I&#x27;m screwed (ok backup codes people). Two: That feels good because it&#x27;s where I am. Three: Can I even count up to three? What does failing to enter it correctly on 3 things mean? would i lock myself out? Is three meaning I leave one at home and have one with me so I can lose it?<p>I just think 8 is like &quot;well we wanted 7, but we decided to go to &quot;eleven&quot; on this one&quot; -unless its &quot;there are 8 bits in an unsigned byte&quot; and its a bitmap which one you use in their in-house API back end.