# MFA Delete

* You can optionally **add another layer of security by configuring a bucket to enable MFA Delete**, which **requires additional authentication for either of the following operations:**

  * **Change the versioning state of your bucket**.
  * **Permanently delete an object version**.

* MFA Delete **requires two forms of authentication together:**

  * Your **security credentials**.
  * The **concatenation of a valid serial number, a space, and the six-digit code displayed on an approved authentication device**.

* MFA Delete thus **provides added security in the event, for example, your security credentials are compromised**.

* **Only the bucket owner can enable and disable** MFA Delete.